Overview

overview

4

Static

static

ae8177f501...82.doc

windows7-x64

4

ae8177f501...82.doc

windows10-2004-x64

1

Analysis

  • max time kernel
    102s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-11-2022 19:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ae8177f5019805fcbf381c6c3cae2e1c53beefab4ea871e54fe48bbd6ef64c82.doc

  • Size

    26KB

  • MD5

    41213738288fe27dd6062a1a4392f51b

  • SHA1

    7439d6f7ff23f6ad96f9cebf87170df7926fb15e

  • SHA256

    ae8177f5019805fcbf381c6c3cae2e1c53beefab4ea871e54fe48bbd6ef64c82

  • SHA512

    4067a9a12aa8bfba108969315a251f18fd352b6855371820f72e1aa51f4f37099f384ec2ae18d14762b8ca0666665fecaba8943670b49fd55e6abe51d85afebd

  • SSDEEP

    192:g8TmTNZnfUnNqTxTmTlRBUCVq5tTDTQTC+fuUU+I3T9B802mp36L/6IZZZlwv7lN:V6VV6ctXks3XsN/6UDwv7lT

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\ae8177f5019805fcbf381c6c3cae2e1c53beefab4ea871e54fe48bbd6ef64c82.doc" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:632

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/632-132-0x00007FFE73230000-0x00007FFE73240000-memory.dmp
    Filesize

    64KB

    Download
  • memory/632-133-0x00007FFE73230000-0x00007FFE73240000-memory.dmp
    Filesize

    64KB

    Download
  • memory/632-134-0x00007FFE73230000-0x00007FFE73240000-memory.dmp
    Filesize

    64KB

    Download
  • memory/632-135-0x00007FFE73230000-0x00007FFE73240000-memory.dmp
    Filesize

    64KB

    Download
  • memory/632-136-0x00007FFE73230000-0x00007FFE73240000-memory.dmp
    Filesize

    64KB

    Download
  • memory/632-137-0x00007FFE708D0000-0x00007FFE708E0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/632-138-0x00007FFE708D0000-0x00007FFE708E0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/632-140-0x00007FFE73230000-0x00007FFE73240000-memory.dmp
    Filesize

    64KB

    Download
  • memory/632-141-0x00007FFE73230000-0x00007FFE73240000-memory.dmp
    Filesize

    64KB

    Download
  • memory/632-142-0x00007FFE73230000-0x00007FFE73240000-memory.dmp
    Filesize

    64KB

    Download
  • memory/632-143-0x00007FFE73230000-0x00007FFE73240000-memory.dmp
    Filesize

    64KB

    Download