Analysis
- max time kernel: 141s
- max time network: 136s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 13-03-2021 12:52
Static task
static1
Behavioral task
behavioral1
Sample
regola.03.11.2021.doc
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
regola.03.11.2021.doc
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
- Target: regola.03.11.2021.doc
- Size: 75KB
- MD5: 2c7f9c72c4cf58d1179bda3ad3e7f9d3
- SHA1: d6aaf0bfe29dafa13d1d4113fe0ebcf421b3d4e3
- SHA256: fa7f50073bad7ff7d14dc635ffc2479fcdb9db2783f8614a56d7c953eb06e633
- SHA512: 4480a3bd06d965ac416b6f7534b9210ae01cb02df0b48275e0100c96884decea9d6b83314987b9420a3cd7147943b43952241c2294eca7316b7b35b1b77ed670
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
WINWORD.EXE
description | ioc | process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
WINWORD.EXE
description | ioc | process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
Processes:
WINWORD.EXE
pid | process
728 | WINWORD.EXE
728 | WINWORD.EXE
-
Suspicious use of SetWindowsHookEx 17 IoCs
Processes:
WINWORD.EXEpid process 728 WINWORD.EXE 728 WINWORD.EXE 728 WINWORD.EXE 728 WINWORD.EXE 728 WINWORD.EXE 728 WINWORD.EXE 728 WINWORD.EXE 728 WINWORD.EXE 728 WINWORD.EXE 728 WINWORD.EXE 728 WINWORD.EXE 728 WINWORD.EXE 728 WINWORD.EXE 728 WINWORD.EXE 728 WINWORD.EXE 728 WINWORD.EXE 728 WINWORD.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\regola.03.11.2021.doc" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:728
Network
MITRE ATT&CK Enterprise v6
Downloads
- memory/728-2-0x00007FF97B640000-0x00007FF97B650000-memory.dmp, Filesize: 64KB
- memory/728-3-0x00007FF97B640000-0x00007FF97B650000-memory.dmp, Filesize: 64KB
- memory/728-4-0x00007FF97B640000-0x00007FF97B650000-memory.dmp, Filesize: 64KB
- memory/728-5-0x00007FF97B640000-0x00007FF97B650000-memory.dmp, Filesize: 64KB
- memory/728-6-0x00007FF99AE00000-0x00007FF99B437000-memory.dmp, Filesize: 6.2MB
- memory/728-7-0x000001D6996B0000-0x000001D6996B4000-memory.dmp, Filesize: 16KB
- memory/728-8-0x00007FF993CB0000-0x00007FF994650000-memory.dmp, Filesize: 9.6MB