Overview

overview

4

Static

static

baf5de4ef4...a9.doc

windows7-x64

4

baf5de4ef4...a9.doc

windows10-2004-x64

1

Analysis

  • max time kernel
    137s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/11/2022, 02:53

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    baf5de4ef4951cb8e631f1bf42a77578b6968f1f55f440b5ab52a218ed96d3a9.doc

  • Size

    74KB

  • MD5

    5727856a0b3968ca9af3a1f3889e0e30

  • SHA1

    8ada00a9fc7d13d9de138fc3806e854ebcdba1bf

  • SHA256

    baf5de4ef4951cb8e631f1bf42a77578b6968f1f55f440b5ab52a218ed96d3a9

  • SHA512

    e62fbc8a5cb6ad85f558885f09276853467d6db2714ed39ae9c0d189e77e4d734ff58c1698a5050d5c2d0089b7e969eb6bf8a2ae2a6032fad5bf49a753224127

  • SSDEEP

    768:ltjkuE9a8cs+u7Kq2XGbhstKZEbvQHstbRic24sEoO7jzt5NU6/9moZx4h8:PQ9bcs+u7KUbhstK4vYstbRic2Crjzt

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\baf5de4ef4951cb8e631f1bf42a77578b6968f1f55f440b5ab52a218ed96d3a9.doc" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1752
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:3844

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/1752-132-0x00007FFA8D5B0000-0x00007FFA8D5C0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1752-134-0x00007FFA8D5B0000-0x00007FFA8D5C0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1752-133-0x00007FFA8D5B0000-0x00007FFA8D5C0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1752-135-0x00007FFA8D5B0000-0x00007FFA8D5C0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1752-136-0x00007FFA8D5B0000-0x00007FFA8D5C0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1752-137-0x00007FFA8AF20000-0x00007FFA8AF30000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1752-138-0x00007FFA8AF20000-0x00007FFA8AF30000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1752-141-0x00007FFA8D5B0000-0x00007FFA8D5C0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1752-142-0x00007FFA8D5B0000-0x00007FFA8D5C0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1752-143-0x00007FFA8D5B0000-0x00007FFA8D5C0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1752-144-0x00007FFA8D5B0000-0x00007FFA8D5C0000-memory.dmp

            Filesize

            64KB

            Download