Analysis
- max time kernel: 149s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 21-05-2022 04:18
Static task: static1
Behavioral task: behavioral1
- Sample: 7a797de807b79e505026ec526a61a406be19d10b651db203df6c72df37ed771c.doc
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 7a797de807b79e505026ec526a61a406be19d10b651db203df6c72df37ed771c.doc
- Resource: win10v2004-20220414-en
General
- Target: 7a797de807b79e505026ec526a61a406be19d10b651db203df6c72df37ed771c.doc
- Size: 10KB
- MD5: 7c7c5a20e758346f5cfbaff1343485f2
- SHA1: f0c65c3df4276ebe3e30269d7387005e38ebcb8e
- SHA256: 7a797de807b79e505026ec526a61a406be19d10b651db203df6c72df37ed771c
- SHA512: 9281d8af9f65fdba147933f4781a716bb7027ace01e03fd0ace33930dbd9c90baa323ae6d45619ed187e6539712179df2675f753accf291871aa341e847f7c98
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes: WINWORD.EXE
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (process: WINWORD.EXE)
  - Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (process: WINWORD.EXE)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (process: WINWORD.EXE)
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: WINWORD.EXE
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU (process: WINWORD.EXE)
  - Key opened: \REGISTRY\MACHINE\Hardware\Description\System\BIOS (process: WINWORD.EXE)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily (process: WINWORD.EXE)
- Suspicious behavior: AddClipboardFormatListener (2 IoCs)
  Processes: WINWORD.EXE
  - pid 4040, process WINWORD.EXE (listed for each of the 2 IoCs)
- Suspicious use of SetWindowsHookEx (21 IoCs)
  Processes: WINWORD.EXE
  - pid 4040, process WINWORD.EXE (listed for each of the 21 IoCs)
Processes
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
Command line: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\7a797de807b79e505026ec526a61a406be19d10b651db203df6c72df37ed771c.doc" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/4040-133-0x00007FFA37810000-0x00007FFA37820000-memory.dmp (filesize: 64KB)
- memory/4040-135-0x00007FFA37810000-0x00007FFA37820000-memory.dmp (filesize: 64KB)
- memory/4040-134-0x00007FFA37810000-0x00007FFA37820000-memory.dmp (filesize: 64KB)
- memory/4040-136-0x00007FFA37810000-0x00007FFA37820000-memory.dmp (filesize: 64KB)
- memory/4040-137-0x00007FFA37810000-0x00007FFA37820000-memory.dmp (filesize: 64KB)
- memory/4040-138-0x00007FFA35520000-0x00007FFA35530000-memory.dmp (filesize: 64KB)
- memory/4040-139-0x00007FFA35520000-0x00007FFA35530000-memory.dmp (filesize: 64KB)