Overview

overview

10

Static

static

Alligator ...te.rtf

windows7_x64

10

Alligator ...te.rtf

windows10_x64

1

Analysis

  • max time kernel
    121s
  • max time network
    141s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    27-01-2022 13:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Alligator Pty Ltd Quote.rtf

  • Size

    11KB

  • MD5

    5ca2cd21f345b9af1dcb83321284c60f

  • SHA1

    858e1756867ad4c771ea5065fc5b42de2e1f0a7c

  • SHA256

    d76844ff49e147c7c93bafadbafe15eced2ab1ab22ffe4a0fd93434bba4351f8

  • SHA512

    6be94ca0705eaa78c437819b0a66d2f87c34ceab51ab4b73e632b5c5961eb54157bd746b3012e640a3880346a539a71f7f3bf0b022c612486ee1f18768780634

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Alligator Pty Ltd Quote.rtf" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1804

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1804-118-0x00007FF7F2D00000-0x00007FF7F2D10000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1804-119-0x00007FF7F2D00000-0x00007FF7F2D10000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1804-120-0x00007FF7F2D00000-0x00007FF7F2D10000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1804-121-0x00007FF7F2D00000-0x00007FF7F2D10000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1804-124-0x00007FF7F2D00000-0x00007FF7F2D10000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1804-125-0x00007FF7EF4D0000-0x00007FF7EF4E0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1804-126-0x00007FF7EF4D0000-0x00007FF7EF4E0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1804-358-0x00007FF7F2D00000-0x00007FF7F2D10000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1804-359-0x00007FF7F2D00000-0x00007FF7F2D10000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1804-360-0x00007FF7F2D00000-0x00007FF7F2D10000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1804-361-0x00007FF7F2D00000-0x00007FF7F2D10000-memory.dmp
    Filesize

    64KB

    Download