Analysis
-
max time kernel
158s -
max time network
174s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
21-05-2022 00:27
Static task
static1
Behavioral task
behavioral1
Sample
9b1d4574211817f93a0eaf2b9a08c8361af0a5e2e2f68992851280852c7467bb.doc
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
9b1d4574211817f93a0eaf2b9a08c8361af0a5e2e2f68992851280852c7467bb.doc
Resource
win10v2004-20220414-en
General
-
Target
9b1d4574211817f93a0eaf2b9a08c8361af0a5e2e2f68992851280852c7467bb.doc
-
Size
44KB
-
MD5
0454bf01bcd7d28404f31d1c1c564e2a
-
SHA1
0e90e9d37f70167e119c8e7ae336e764a27e5748
-
SHA256
9b1d4574211817f93a0eaf2b9a08c8361af0a5e2e2f68992851280852c7467bb
-
SHA512
d6ea20c485bb6e553a1976ddfdd79a0886ad084f26b2160de53aa5b1f5a0cf2cd457322e6e8d1e2cca20dab4d2601d77740244e468ee689271f3b7bd485a43da
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
WINWORD.EXEdescription ioc process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString WINWORD.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
WINWORD.EXEdescription ioc process Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU WINWORD.EXE -
Suspicious behavior: AddClipboardFormatListener 2 IoCs
Processes:
WINWORD.EXEpid process 2604 WINWORD.EXE 2604 WINWORD.EXE -
Suspicious use of SetWindowsHookEx 14 IoCs
Processes:
WINWORD.EXEpid process 2604 WINWORD.EXE 2604 WINWORD.EXE 2604 WINWORD.EXE 2604 WINWORD.EXE 2604 WINWORD.EXE 2604 WINWORD.EXE 2604 WINWORD.EXE 2604 WINWORD.EXE 2604 WINWORD.EXE 2604 WINWORD.EXE 2604 WINWORD.EXE 2604 WINWORD.EXE 2604 WINWORD.EXE 2604 WINWORD.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\9b1d4574211817f93a0eaf2b9a08c8361af0a5e2e2f68992851280852c7467bb.doc" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2604-130-0x00007FF9BC5B0000-0x00007FF9BC5C0000-memory.dmpFilesize
64KB
-
memory/2604-132-0x00007FF9BC5B0000-0x00007FF9BC5C0000-memory.dmpFilesize
64KB
-
memory/2604-131-0x00007FF9BC5B0000-0x00007FF9BC5C0000-memory.dmpFilesize
64KB
-
memory/2604-133-0x00007FF9BC5B0000-0x00007FF9BC5C0000-memory.dmpFilesize
64KB
-
memory/2604-134-0x00007FF9BC5B0000-0x00007FF9BC5C0000-memory.dmpFilesize
64KB
-
memory/2604-135-0x00007FF9BA220000-0x00007FF9BA230000-memory.dmpFilesize
64KB
-
memory/2604-136-0x00007FF9BA220000-0x00007FF9BA230000-memory.dmpFilesize
64KB
-
memory/2604-137-0x000001BB56F88000-0x000001BB56F8A000-memory.dmpFilesize
8KB
-
memory/2604-139-0x00007FF9BC5B0000-0x00007FF9BC5C0000-memory.dmpFilesize
64KB
-
memory/2604-141-0x00007FF9BC5B0000-0x00007FF9BC5C0000-memory.dmpFilesize
64KB
-
memory/2604-140-0x00007FF9BC5B0000-0x00007FF9BC5C0000-memory.dmpFilesize
64KB
-
memory/2604-142-0x00007FF9BC5B0000-0x00007FF9BC5C0000-memory.dmpFilesize
64KB