Analysis
max time kernel
104s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags
arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted
26-11-2022 10:08
Behavioral task
behavioral1
Sample
7dcc2db732fc3c3c8bfbee2539644c8fbc19648d6b82c2fd35bc3a513cd059e6.doc
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
7dcc2db732fc3c3c8bfbee2539644c8fbc19648d6b82c2fd35bc3a513cd059e6.doc
Resource
win10v2004-20220901-en
General
Target
7dcc2db732fc3c3c8bfbee2539644c8fbc19648d6b82c2fd35bc3a513cd059e6.doc
Size
186KB
MD5
8e84a0105945a7f641ec498daf94c111
SHA1
7eeda8d7f51c3a7165b7a74f2a63eeb379d61c1d
SHA256
7dcc2db732fc3c3c8bfbee2539644c8fbc19648d6b82c2fd35bc3a513cd059e6
SHA512
ab065a5812cdf4e10e4430e17f6d7bf99406f36fbdba5b8501b438a21e4c3f38bef4aeb4c3eb17c40f999b90100d44a2475b10906d72d275037f0420aa3acc0c
SSDEEP
3072:gmXdiq2a0RZ4isliWZxaa5m6s/NnydOlunCxW6Nu12XuhHqlbQBrL:gU2RZ65Zx9mH/48ur69+FYEBr
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes:
WINWORD.EXE
description | ioc | process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
WINWORD.EXE
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
Suspicious behavior: AddClipboardFormatListener (2 IoCs)
Processes:
WINWORD.EXE
pid | process
2952 | WINWORD.EXE
2952 | WINWORD.EXE
Suspicious use of SetWindowsHookEx (7 IoCs)
Processes:
WINWORD.EXE
pid | process
2952 | WINWORD.EXE
2952 | WINWORD.EXE
2952 | WINWORD.EXE
2952 | WINWORD.EXE
2952 | WINWORD.EXE
2952 | WINWORD.EXE
2952 | WINWORD.EXE
Processes
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\7dcc2db732fc3c3c8bfbee2539644c8fbc19648d6b82c2fd35bc3a513cd059e6.doc" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads