Analysis
-
max time kernel
107s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system -
submitted
27-11-2022 01:15
Static task
static1
Behavioral task
behavioral1
Sample
c66b8ee7be81c2c53726977b0d222d428d830c346e7eb95298f9924b86492b1a.doc
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
c66b8ee7be81c2c53726977b0d222d428d830c346e7eb95298f9924b86492b1a.doc
Resource
win10v2004-20220812-en
General
-
Target
c66b8ee7be81c2c53726977b0d222d428d830c346e7eb95298f9924b86492b1a.doc
-
Size
646KB
-
MD5
36fe2be0bccb1ebfb3aaa76714d1a670
-
SHA1
c8b6d3817d81ac7a58eac685533f3899258425a1
-
SHA256
c66b8ee7be81c2c53726977b0d222d428d830c346e7eb95298f9924b86492b1a
-
SHA512
69bee1a724f83f2f2f72715f67f96862a08f6ea111987889e6d5004a5fbe98ec786801589da8050ed6de06400028c7b5170719f1581439e2b9f7b8ea494be58a
-
SSDEEP
3072:xQOeoqyFE/WVTDJOfqpjbhdRgN/bWX0ILWiX07FS0:xQOepyFGWVTlOfqpjLy1koFh
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description        ioc        Process
Key opened        \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0        WINWORD.EXE
Key value queried        \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz        WINWORD.EXE
Key value queried        \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString        WINWORD.EXE
-
Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc        Process
Key opened        \REGISTRY\MACHINE\Hardware\Description\System\BIOS        WINWORD.EXE
Key value queried        \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily        WINWORD.EXE
Key value queried        \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU        WINWORD.EXE
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
pid        Process
540        WINWORD.EXE
540        WINWORD.EXE
-
Suspicious use of SetWindowsHookEx 16 IoCs
pid        Process
540        WINWORD.EXE (16 identical entries)
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\c66b8ee7be81c2c53726977b0d222d428d830c346e7eb95298f9924b86492b1a.doc" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:540