Analysis
- max time kernel: 149s
- max time network: 148s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-11-2022 10:02
Behavioral task: behavioral1
- Sample: df04307cbc6f2ed58ca38cfa4663214a1eac440668408bc8e40b3471485b244e.doc
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: df04307cbc6f2ed58ca38cfa4663214a1eac440668408bc8e40b3471485b244e.doc
- Resource: win10v2004-20220812-en
General
- Target: df04307cbc6f2ed58ca38cfa4663214a1eac440668408bc8e40b3471485b244e.doc
- Size: 38KB
- MD5: b40da2cd4b83ac44eaff9702623ba439
- SHA1: 0b30860618f2d967392b755b25d6592bb7213dd7
- SHA256: df04307cbc6f2ed58ca38cfa4663214a1eac440668408bc8e40b3471485b244e
- SHA512: 96e258efeaa52588bc85eaa2c183e4cb2acca1f38a70f487674e7ec3548997fcaae8ef7a73ec5cd2b5c104e19a83e76fad67004097f35742d1c49c7fff93ba24
- SSDEEP: 384:Cg3JJkzXAlCQDbqaQs1tMrtLITUvw50jsacezveFi2by4RTiOa6Y8p:jJJk8EQv4eA0IveFi2byyGdb8p
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes:
    description       | ioc                                                                                  | process
    Key opened        | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0                     | WINWORD.EXE
    Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz                | WINWORD.EXE
    Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes:
    description       | ioc                                                             | process
    Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU    | WINWORD.EXE
    Key opened        | \REGISTRY\MACHINE\Hardware\Description\System\BIOS              | WINWORD.EXE
    Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
- Suspicious behavior: AddClipboardFormatListener (2 IoCs)
  Processes:
    pid | process
    740 | WINWORD.EXE
    740 | WINWORD.EXE
- Suspicious use of SetWindowsHookEx (19 IoCs)
  Processes:
    pid | process
    740 | WINWORD.EXE (all 19 entries are this same pid and process)
Processes
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\df04307cbc6f2ed58ca38cfa4663214a1eac440668408bc8e40b3471485b244e.doc" /o ""
  Signatures matched:
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/740-132-0x00007FFB88250000-0x00007FFB88260000-memory.dmp (Filesize 64KB)
- memory/740-133-0x00007FFB88250000-0x00007FFB88260000-memory.dmp (Filesize 64KB)
- memory/740-134-0x00007FFB88250000-0x00007FFB88260000-memory.dmp (Filesize 64KB)
- memory/740-135-0x00007FFB88250000-0x00007FFB88260000-memory.dmp (Filesize 64KB)
- memory/740-136-0x00007FFB88250000-0x00007FFB88260000-memory.dmp (Filesize 64KB)
- memory/740-137-0x00007FFB85B30000-0x00007FFB85B40000-memory.dmp (Filesize 64KB)
- memory/740-138-0x00007FFB85B30000-0x00007FFB85B40000-memory.dmp (Filesize 64KB)