Overview

overview

8

Static

static

8

264bc60659...8b.doc

windows7-x64

1

264bc60659...8b.doc

windows10-2004-x64

1

Analysis

  • max time kernel
    185s
  • max time network
    191s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-11-2022 21:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    264bc60659b85658ee0607fd20b5398b.doc

  • Size

    73KB

  • MD5

    264bc60659b85658ee0607fd20b5398b

  • SHA1

    eed936120ced47b0e34a389eb02580fe69af4960

  • SHA256

    244c639c58e30b0a5cccc7d7163ee5b14410f7ac33e36a08569948d8ef649cfe

  • SHA512

    48c4e002cfdb91ea47b0b81530c2041e9ddef850e58d9352a56c536315abcd32b448deaa4f709147f988e2e040d586c6df01627752aac346048df6f8d06af5e6

  • SSDEEP

    1536:ASLTdXlavIjG8JRGtEBdGJHvFG0SGKjGottaMJf+Dg16VrKjq:bL9lgxemDw6VrK+

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 21 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\264bc60659b85658ee0607fd20b5398b.doc" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:4708

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4708-132-0x00007FF7F07B0000-0x00007FF7F07C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4708-133-0x00007FF7F07B0000-0x00007FF7F07C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4708-134-0x00007FF7F07B0000-0x00007FF7F07C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4708-135-0x00007FF7F07B0000-0x00007FF7F07C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4708-136-0x00007FF7F07B0000-0x00007FF7F07C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4708-137-0x00007FF7EE640000-0x00007FF7EE650000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4708-138-0x00007FF7EE640000-0x00007FF7EE650000-memory.dmp

    Filesize

    64KB

    Download