Analysis
-
max time kernel
136s
-
max time network
146s
-
platform
windows10_x64
-
resource
win10v20201028
-
submitted
13-03-2021 12:51
Static task
static1
Behavioral task
behavioral1
Sample
dettagli-03.21.doc
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
dettagli-03.21.doc
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
-
Target
dettagli-03.21.doc
-
Size
76KB
-
MD5
084eaa78393d9b431e709a32bb5e6d64
-
SHA1
b4306fcd6d15185ae9f0f37f9363fe858b2453d0
-
SHA256
4b02ac4b78c52df20067a51effb006597724a42bb797a68660e94c2358aa5cd3
-
SHA512
3848f1ada0e4ac4f460909b43685260455bcc5e1c4d1b8b19ea8c3d35812bb72bfe92fff567f84e765b008b8630bb4b7216ff6b1a5a106ba35a80237616fe5f4
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
WINWORD.EXE
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
WINWORD.EXE
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
Processes:
WINWORD.EXE
pid | process
4716 | WINWORD.EXE
-
Suspicious use of SetWindowsHookEx 17 IoCs
Processes:
WINWORD.EXE
pid | process
4716 | WINWORD.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\dettagli-03.21.doc" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4716
Network
MITRE ATT&CK Enterprise v6
Downloads
-
memory/4716-2-0x00007FF965210000-0x00007FF965220000-memory.dmp
Filesize
64KB
-
memory/4716-3-0x00007FF965210000-0x00007FF965220000-memory.dmp
Filesize
64KB
-
memory/4716-4-0x00007FF965210000-0x00007FF965220000-memory.dmp
Filesize
64KB
-
memory/4716-5-0x000002278A910000-0x000002278AF47000-memory.dmp
Filesize
6.2MB
-
memory/4716-6-0x00007FF965210000-0x00007FF965220000-memory.dmp
Filesize
64KB
-
memory/4716-7-0x0000022799000000-0x0000022799004000-memory.dmp
Filesize
16KB