Analysis
-
max time kernel
119s -
max time network
148s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
03-05-2021 13:06
General
-
Target
471e3984_by_Libranalysis.doc
-
Size
10KB
-
MD5
471e39840386d6b9c8e565123a389364
-
SHA1
d9050e2115ee03a7c8e0acc87d199ce0b4b7422a
-
SHA256
012300706ce75e6e82abdaa865aa8ff684aef99eda98f9094278b8df84e9642c
-
SHA512
13b841bab9f2ef3ce9a27854a09682ba8983df16b4551e997359511f19decb94f85b23b3811f742fd99fdb7f2985b8063a6444b6c556e7cbafebf8f4b3f4a1e5
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 16 IoCs
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\471e3984_by_Libranalysis.doc" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2840-114-0x00007FFFBE230000-0x00007FFFBE240000-memory.dmpFilesize
64KB
-
memory/2840-115-0x00007FFFBE230000-0x00007FFFBE240000-memory.dmpFilesize
64KB
-
memory/2840-116-0x00007FFFBE230000-0x00007FFFBE240000-memory.dmpFilesize
64KB
-
memory/2840-117-0x00007FFFBE230000-0x00007FFFBE240000-memory.dmpFilesize
64KB
-
memory/2840-119-0x00007FFFBE230000-0x00007FFFBE240000-memory.dmpFilesize
64KB
-
memory/2840-118-0x00007FFFE0260000-0x00007FFFE2D83000-memory.dmpFilesize
43.1MB
-
memory/2840-122-0x000001FEC8090000-0x000001FEC917E000-memory.dmpFilesize
16.9MB
-
memory/2840-123-0x00007FFFD7C90000-0x00007FFFD9B85000-memory.dmpFilesize
31.0MB