Analysis
- max time kernel: 124s
- max time network: 158s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 28-05-2022 02:43
Static task: static1
Behavioral tasks
- behavioral1: Sample 5F9F8AC1F749B0637ECA6EF15910BF21_~WINWORD_.doc, Resource win7-20220414-en
- behavioral2: Sample 5F9F8AC1F749B0637ECA6EF15910BF21_~WINWORD_.doc, Resource win10v2004-20220414-en
- behavioral3: Sample 6B97B3CD2FCFB4B74985143230441463_Gadget.exe, Resource win7-20220414-en
- behavioral4: Sample 6B97B3CD2FCFB4B74985143230441463_Gadget.exe, Resource win10v2004-20220414-en
- behavioral5: Sample 901FA02FFD43DE5B2D7C8C6B8C2F6A43_SideBar.dll, Resource win7-20220414-en
- behavioral6: Sample 901FA02FFD43DE5B2D7C8C6B8C2F6A43_SideBar.dll, Resource win10v2004-20220414-en
- behavioral7: Sample C116CD083284CC599C024C3479CA9B70_2.exe, Resource win7-20220414-en
- behavioral8: Sample C116CD083284CC599C024C3479CA9B70_2.exe, Resource win10v2004-20220414-en
- behavioral9: Sample PlugX_3C74A85C2CF883BD9D4B9F8B9746030F_DW20.dll, Resource win7-20220414-en
- behavioral10: Sample PlugX_3C74A85C2CF883BD9D4B9F8B9746030F_DW20.dll, Resource win10v2004-20220414-en
- behavioral11: Sample originalfile/PlugX_RTF_dropper_42fba80f105aa53dfbf50aeba2d73cae.rtf, Resource win7-20220414-en
- behavioral12: Sample originalfile/PlugX_RTF_dropper_42fba80f105aa53dfbf50aeba2d73cae.rtf, Resource win10v2004-20220414-en
General
- Target: 5F9F8AC1F749B0637ECA6EF15910BF21_~WINWORD_.doc
- Size: 507KB
- MD5: 5f9f8ac1f749b0637eca6ef15910bf21
- SHA1: dae74fc73f98b3b9b6fd094ae512b71e499e3eb5
- SHA256: 593e4acae0c1e2a708cf986adfd0f4e59ec356c1031a97a65a87404943da94ff
- SHA512: 6b54f42a83797f332146a9c46a2ec48bc1f00bdfde6f2ff4254ec337a7f6e46d4105ee6f9bf487929323df97f3d633ce2ccbb15866d46482fc1aeaebe14b9d08
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  - Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (WINWORD.EXE)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (WINWORD.EXE)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (WINWORD.EXE)
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\Hardware\Description\System\BIOS (WINWORD.EXE)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily (WINWORD.EXE)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU (WINWORD.EXE)
- Suspicious behavior: AddClipboardFormatListener (2 IoCs)
  - PID 1912, WINWORD.EXE (2 occurrences)
- Suspicious use of SetWindowsHookEx (15 IoCs)
  - PID 1912, WINWORD.EXE (15 occurrences)
Processes
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\5F9F8AC1F749B0637ECA6EF15910BF21_~WINWORD_.doc" /o ""
  PID: 1912
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx