Analysis
max time kernel: 117s
max time network: 163s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 20-05-2022 21:23
Static task: static1
Behavioral task: behavioral1
Sample: 8b65220b9a1cd94d73164dfde581230880e4114f6213b6713e07c34c7ac57995.doc
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 8b65220b9a1cd94d73164dfde581230880e4114f6213b6713e07c34c7ac57995.doc
Resource: win10v2004-20220414-en
General
Target: 8b65220b9a1cd94d73164dfde581230880e4114f6213b6713e07c34c7ac57995.doc
Size: 57KB
MD5: fbc293fa98d3db32b53ae54f12ac58b5
SHA1: d8dcf582bfbe771ca79a18fb1d1b4a4cb77d9b36
SHA256: 8b65220b9a1cd94d73164dfde581230880e4114f6213b6713e07c34c7ac57995
SHA512: 8c555b7870b8108c56fc9344e1001b8b0d9353e4b993e6c1a28af90071cc3b03b3986da9d8189f2d02e5298b94364bd387eeec0f5c2c28461a9769de285ce244
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes: WINWORD.EXE
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: WINWORD.EXE
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
Suspicious behavior: AddClipboardFormatListener (2 IoCs)
Processes: WINWORD.EXE
pid | process
3628 | WINWORD.EXE
3628 | WINWORD.EXE
Suspicious use of SetWindowsHookEx (15 IoCs)
Processes: WINWORD.EXE
pid | process
3628 | WINWORD.EXE
3628 | WINWORD.EXE
3628 | WINWORD.EXE
3628 | WINWORD.EXE
3628 | WINWORD.EXE
3628 | WINWORD.EXE
3628 | WINWORD.EXE
3628 | WINWORD.EXE
3628 | WINWORD.EXE
3628 | WINWORD.EXE
3628 | WINWORD.EXE
3628 | WINWORD.EXE
3628 | WINWORD.EXE
3628 | WINWORD.EXE
3628 | WINWORD.EXE
Processes
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\8b65220b9a1cd94d73164dfde581230880e4114f6213b6713e07c34c7ac57995.doc" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads