Analysis
max time kernel
101s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags
arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
submitted
15/09/2022, 07:45
Static task
static1
Behavioral task
behavioral1
Sample
d85f990ac75e02c73dc575f15526bce6ce2e22d488dcf75533f1a2abbb8c4fa4.doc
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
d85f990ac75e02c73dc575f15526bce6ce2e22d488dcf75533f1a2abbb8c4fa4.doc
Resource
win10v2004-20220812-en
General
Target
d85f990ac75e02c73dc575f15526bce6ce2e22d488dcf75533f1a2abbb8c4fa4.doc
Size
199KB
MD5
3b71fe67d8e5d7d317c8523f4d9f308e
SHA1
95b99031386a4b0318f00a445111f3aa2e654ab2
SHA256
d85f990ac75e02c73dc575f15526bce6ce2e22d488dcf75533f1a2abbb8c4fa4
SHA512
d8ff39afca4b0b332b7e9107caf027727334a0a1aba4ca9d73339ee61b736dc989a4e30ec148fbd9ba33cf7321d901bee70b64916121ffd363b026cb7ab0dc2d
SSDEEP
6144:4PUNq0dSSSSSStMS8JgM7C9M4gHoEyn/3X1wGAVOcVFJLl6f:5q0dSSSSSStMSAyntwGAV/VFplk
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE
Suspicious behavior: AddClipboardFormatListener (2 IoCs)
pid | Process
2740 | WINWORD.EXE
2740 | WINWORD.EXE
Suspicious use of SetWindowsHookEx (14 IoCs)
pid | Process
2740 | WINWORD.EXE
2740 | WINWORD.EXE
2740 | WINWORD.EXE
2740 | WINWORD.EXE
2740 | WINWORD.EXE
2740 | WINWORD.EXE
2740 | WINWORD.EXE
2740 | WINWORD.EXE
2740 | WINWORD.EXE
2740 | WINWORD.EXE
2740 | WINWORD.EXE
2740 | WINWORD.EXE
2740 | WINWORD.EXE
2740 | WINWORD.EXE
Processes
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\d85f990ac75e02c73dc575f15526bce6ce2e22d488dcf75533f1a2abbb8c4fa4.doc" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2740