Overview

overview

4

Static

static

Customer s...nt.doc

windows7_x64

4

Customer s...nt.doc

windows10_x64

4

Analysis

  • max time kernel
    145s
  • max time network
    151s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    21-07-2021 15:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Customer statement.doc

  • Size

    60KB

  • MD5

    6a0b254fa9bf238cde9975acbb556da3

  • SHA1

    c4778fd61e090ccf7367e8baaa3059292f4c7daa

  • SHA256

    bae1e581b513a1a7f1a0f0c8c8f11d2e21b30a10f4a021922cddeec2f62e9cb7

  • SHA512

    11ad37c57a8b15c90a3540d487d7084f2fd40090de4d8428f0662e95ad14c7a4e2342155eed7dc045bff153eebbc3ebcb1d00a8c02e6862040cc0c1fe47361a1

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 18 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Customer statement.doc" /o ""
    1⤵
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:4648

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4648-114-0x00007FFA38500000-0x00007FFA38510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4648-115-0x00007FFA38500000-0x00007FFA38510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4648-116-0x00007FFA38500000-0x00007FFA38510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4648-117-0x00007FFA38500000-0x00007FFA38510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4648-119-0x00007FFA38500000-0x00007FFA38510000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4648-118-0x00007FFA592C0000-0x00007FFA5BDE3000-memory.dmp

    Filesize

    43.1MB

    Download

  • memory/4648-122-0x00007FFA54150000-0x00007FFA5523E000-memory.dmp

    Filesize

    16.9MB

    Download

  • memory/4648-123-0x00007FFA52250000-0x00007FFA54145000-memory.dmp

    Filesize

    31.0MB

    Download

  • memory/4648-276-0x000001CD03D20000-0x000001CD03D24000-memory.dmp

    Filesize

    16KB

    Download