278a01105105ba46b8303bb8933c4a3010aa7098342460ab4090e3ddbafb19ab

Analysis

max time kernel
137s
max time network
166s
platform
windows10_x64
resource
win10-en-20211208
submitted
31-01-2022 07:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NewOrder-PO300122.rtf
Size

2.2MB
MD5

a9c56c16c6c705510fea0b1419f87ec0
SHA1

b6274154f6f8301de35df1c346d534a0c782ec6d
SHA256

278a01105105ba46b8303bb8933c4a3010aa7098342460ab4090e3ddbafb19ab
SHA512

6f127ca937b147b616d563ab2eb1535488d0187a5bd8aa9b7d70ad3462a1d4899f7be47095a60251aaf1381a1f13fea8d247d1775995ed9f1c2b0d82f9788e32

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WINWORD.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

WINWORD.EXE

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE

NTFS ADS 1 IoCs

Processes:

WINWORD.EXE

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Local\Temp\{E00C569A-5A8D-40FF-BB9A-42BB4F2748CD}\Client.vbs:Zone.Identifier	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

WINWORD.EXE

pid process

1896 WINWORD.EXE
1896 WINWORD.EXE
Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

WINWORD.EXE

pid process

1896 WINWORD.EXE
1896 WINWORD.EXE
1896 WINWORD.EXE
1896 WINWORD.EXE
1896 WINWORD.EXE
1896 WINWORD.EXE
1896 WINWORD.EXE

pid	process
1896	WINWORD.EXE
1896	WINWORD.EXE

pid	process
1896	WINWORD.EXE
1896	WINWORD.EXE
1896	WINWORD.EXE
1896	WINWORD.EXE
1896	WINWORD.EXE
1896	WINWORD.EXE
1896	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\NewOrder-PO300122.rtf" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1896

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1896-117-0x00007FFB428B0000-0x00007FFB428C0000-memory.dmp

Filesize
64KB

Download
memory/1896-118-0x00007FFB428B0000-0x00007FFB428C0000-memory.dmp

Filesize
64KB

Download
memory/1896-119-0x00007FFB428B0000-0x00007FFB428C0000-memory.dmp

Filesize
64KB

Download
memory/1896-120-0x00007FFB428B0000-0x00007FFB428C0000-memory.dmp

Filesize
64KB

Download
memory/1896-121-0x00007FFB428B0000-0x00007FFB428C0000-memory.dmp

Filesize
64KB

Download
memory/1896-124-0x00007FFB3FD60000-0x00007FFB3FD70000-memory.dmp

Filesize
64KB

Download
memory/1896-125-0x00007FFB3FD60000-0x00007FFB3FD70000-memory.dmp

Filesize
64KB

Download
memory/1896-325-0x00007FFB428B0000-0x00007FFB428C0000-memory.dmp

Filesize
64KB

Download
memory/1896-326-0x00007FFB428B0000-0x00007FFB428C0000-memory.dmp

Filesize
64KB

Download
memory/1896-327-0x00007FFB428B0000-0x00007FFB428C0000-memory.dmp

Filesize
64KB

Download
memory/1896-328-0x00007FFB428B0000-0x00007FFB428C0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads