Analysis
-
max time kernel
103s -
max time network
141s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
30-04-2021 16:02
General
-
Target
e9251e1f_by_Libranalysis.doc
-
Size
10KB
-
MD5
e9251e1f304381e9bfcd08dbfd576ce5
-
SHA1
dcee651dbfb6f9154a3b4170a65d88c9905fa031
-
SHA256
2af39f18d2425772d604b14a66fa078ba7b2e7c1b252d9b9d6700f50023f72d2
-
SHA512
a0bbe31458b3043258a0383045ca00bdc34ff217c01ffdc2159d80b5755f72d5967e7d79f386d89bc766f222194dc52cef8021b42aad9b8443ff50296cad5a0f
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 16 IoCs
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\e9251e1f_by_Libranalysis.doc" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4448-114-0x00007FF9B4570000-0x00007FF9B4580000-memory.dmpFilesize
64KB
-
memory/4448-115-0x00007FF9B4570000-0x00007FF9B4580000-memory.dmpFilesize
64KB
-
memory/4448-116-0x00007FF9B4570000-0x00007FF9B4580000-memory.dmpFilesize
64KB
-
memory/4448-117-0x00007FF9B4570000-0x00007FF9B4580000-memory.dmpFilesize
64KB
-
memory/4448-119-0x00007FF9B4570000-0x00007FF9B4580000-memory.dmpFilesize
64KB
-
memory/4448-118-0x00007FF9D5780000-0x00007FF9D82A3000-memory.dmpFilesize
43.1MB
-
memory/4448-122-0x00007FF9D0AC0000-0x00007FF9D1BAE000-memory.dmpFilesize
16.9MB
-
memory/4448-123-0x00007FF9CD9E0000-0x00007FF9CF8D5000-memory.dmpFilesize
31.0MB