Analysis
max time kernel: 121s
max time network: 141s
platform: windows10_x64
resource: win10-en-20211208
submitted: 27-01-2022 13:04
Static task
static1
Behavioral task
behavioral1
Sample
Alligator Pty Ltd Quote.rtf
Resource
win7-en-20211208
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Alligator Pty Ltd Quote.rtf
Resource
win10-en-20211208
windows10_x64
0 signatures
0 seconds
General
Target: Alligator Pty Ltd Quote.rtf
Size: 11KB
MD5: 5ca2cd21f345b9af1dcb83321284c60f
SHA1: 858e1756867ad4c771ea5065fc5b42de2e1f0a7c
SHA256: d76844ff49e147c7c93bafadbafe15eced2ab1ab22ffe4a0fd93434bba4351f8
SHA512: 6be94ca0705eaa78c437819b0a66d2f87c34ceab51ab4b73e632b5c5961eb54157bd746b3012e640a3880346a539a71f7f3bf0b022c612486ee1f18768780634
Score
1/10
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes: WINWORD.EXE
  Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (process: WINWORD.EXE)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (process: WINWORD.EXE)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (process: WINWORD.EXE)
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: WINWORD.EXE
  Key opened: \REGISTRY\MACHINE\Hardware\Description\System\BIOS (process: WINWORD.EXE)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily (process: WINWORD.EXE)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU (process: WINWORD.EXE)
Suspicious behavior: AddClipboardFormatListener (2 IoCs)
Processes: WINWORD.EXE
  pid 1804, process WINWORD.EXE (listed 2 times)
Suspicious use of SetWindowsHookEx (8 IoCs)
Processes: WINWORD.EXE
  pid 1804, process WINWORD.EXE (listed 8 times)
Processes
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
Command line: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Alligator Pty Ltd Quote.rtf" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads