Analysis
-
max time kernel
143s
-
max time network
137s
-
platform
windows10_x64
-
resource
win10v20201028
-
submitted
13-03-2021 12:51
Static task
static1
Behavioral task
behavioral1
Sample
documenti,03.11.2021.doc
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
documenti,03.11.2021.doc
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
-
Target
documenti,03.11.2021.doc
-
Size
76KB
-
MD5
6d03104da5d4553116fa45badb829dc9
-
SHA1
971d1e446ec4a03ab2e41bfa3326bb1b8b688945
-
SHA256
ec2a5471a7309321ccd5aa24c3471c900dcfc9aeb357359d46e79ac65da27020
-
SHA512
cb1c7069b51e95726b819fd27ee6a576cdf873089bae6ed7ce68cecc6f3a09214f13f04e3abfeca735dcdae0c0fdbbbcf657c0a3b55d95adffa97790fc1e5007
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
WINWORD.EXE
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
WINWORD.EXE
description | ioc | process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
Processes:
WINWORD.EXE
pid | process
860 | WINWORD.EXE
860 | WINWORD.EXE
-
Suspicious use of SetWindowsHookEx 17 IoCs
Processes:
WINWORD.EXEpid process 860 WINWORD.EXE 860 WINWORD.EXE 860 WINWORD.EXE 860 WINWORD.EXE 860 WINWORD.EXE 860 WINWORD.EXE 860 WINWORD.EXE 860 WINWORD.EXE 860 WINWORD.EXE 860 WINWORD.EXE 860 WINWORD.EXE 860 WINWORD.EXE 860 WINWORD.EXE 860 WINWORD.EXE 860 WINWORD.EXE 860 WINWORD.EXE 860 WINWORD.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\documenti,03.11.2021.doc" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:860
Network
MITRE ATT&CK Enterprise v6
Downloads
-
memory/860-2-0x00007FFB60CA0000-0x00007FFB60CB0000-memory.dmp
Filesize
64KB
-
memory/860-3-0x00007FFB60CA0000-0x00007FFB60CB0000-memory.dmp
Filesize
64KB
-
memory/860-4-0x00007FFB60CA0000-0x00007FFB60CB0000-memory.dmp
Filesize
64KB
-
memory/860-5-0x00007FFB60CA0000-0x00007FFB60CB0000-memory.dmp
Filesize
64KB
-
memory/860-6-0x00007FFB80F20000-0x00007FFB81557000-memory.dmp
Filesize
6.2MB
-
memory/860-7-0x00000275FF1B0000-0x00000275FF1B4000-memory.dmp
Filesize
16KB