Analysis
-
max time kernel
121s -
max time network
134s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
30-04-2021 07:11
General
-
Target
Request for New Quote - Valve Ist Order.doc.rtf
-
Size
318KB
-
MD5
7d80d39f97a6e35dfc339a44d4b76d5c
-
SHA1
c3dc95cd79dbdac0012105f4eab82633f5261f66
-
SHA256
13340714da4aa2f3934591b6e845db59a99dbfbfcd948b96332e64378057453c
-
SHA512
762911be3b0669a521a3b4f12609d7d4a711dc5e8ace2ef3e1395bd9d4688d7fadc84a91c2f4373c7098b7175b2c7382ad9d969ab4f51e85b6b37fe281a3b12e
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Request for New Quote - Valve Ist Order.doc.rtf" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3176-114-0x00007FFD35790000-0x00007FFD357A0000-memory.dmpFilesize
64KB
-
memory/3176-115-0x00007FFD35790000-0x00007FFD357A0000-memory.dmpFilesize
64KB
-
memory/3176-116-0x00007FFD35790000-0x00007FFD357A0000-memory.dmpFilesize
64KB
-
memory/3176-117-0x00007FFD35790000-0x00007FFD357A0000-memory.dmpFilesize
64KB
-
memory/3176-119-0x00007FFD35790000-0x00007FFD357A0000-memory.dmpFilesize
64KB
-
memory/3176-118-0x00007FFD56EC0000-0x00007FFD599E3000-memory.dmpFilesize
43.1MB
-
memory/3176-122-0x00007FFD50240000-0x00007FFD5132E000-memory.dmpFilesize
16.9MB
-
memory/3176-123-0x00007FFD4E340000-0x00007FFD50235000-memory.dmpFilesize
31.0MB