Analysis
-
max time kernel
199s -
max time network
215s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system
submitted
28-11-2022 02:38
Behavioral task
behavioral1
Sample
530875900570b3c1af0a91d1af8532ceef4191c80bdd4b260d769f5fc7d900d4.doc
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
530875900570b3c1af0a91d1af8532ceef4191c80bdd4b260d769f5fc7d900d4.doc
Resource
win10v2004-20221111-en
General
-
Target
530875900570b3c1af0a91d1af8532ceef4191c80bdd4b260d769f5fc7d900d4.doc
-
Size
53KB
-
MD5
cff611bbf7c3880c94def25cf1b914e9
-
SHA1
a77c4431d11ff0d65f51059cd3551444eb06933b
-
SHA256
530875900570b3c1af0a91d1af8532ceef4191c80bdd4b260d769f5fc7d900d4
-
SHA512
a777049aaa6156178e1f6d9d7911dd99417a7fc42d4cb633fbf923557f6eccaff1cf5a64e226c4cb61f1571fe08038591b2fc46bc91f3c1e0676cba6048c36a1
-
SSDEEP
768:BY6l8HYyhVhE+kKMt5qT0b/Xysvkr8mKGv1UU5LodL:BY6l8HdhVhPMcSiWkzKGvk
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor model and clock speed are commonly read by malware to fingerprint the host and detect sandbox or virtual-machine environments; the same keys are also read by legitimate software, so this is a weak indicator on its own.
Processes:
description | ioc | process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
description | ioc | process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE
Suspicious behavior: AddClipboardFormatListener 2 IoCs
Processes:
pid | process
4424 | WINWORD.EXE (2 IoCs, both from the same process)
Suspicious use of SetWindowsHookEx 15 IoCs
Processes:
pid | process
4424 | WINWORD.EXE (15 IoCs, all from the same process)
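The two registry signatures above are the only host-fingerprinting evidence in this report, and both are raised by WINWORD.EXE itself. The following Python is an added example, not part of the report or of the sandbox's own tooling: it parses IoC lines in the report's "event path process" form, classifies each registry path against the two signatures (matching case-insensitively, because the report mixes "Hardware\Description" and "HARDWARE\DESCRIPTION"), and summarises hits per process. The sample input is constructed from the six lines above plus one hypothetical benign control key that must not match.

```python
"""Classify registry-access IoCs of the kind listed in the Signatures section
against the two sandbox-fingerprinting signatures the report raises.
Added example: not part of the sandbox report or its tooling."""
import re
from collections import defaultdict

# Registry paths behind the report's two signatures.  Compared case-insensitively,
# because the report itself mixes "Hardware\Description" and "HARDWARE\DESCRIPTION".
SIGNATURES = {
    "Checks processor information in registry":
        r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0",
    "Enumerates system info in registry":
        r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS",
}

# One IoC line: "<event> <registry path> <process image name>".  The event names
# and the absence of whitespace in the paths follow the report's own lines.
IOC_RE = re.compile(r"^(Key opened|Key value queried)\s+(\\REGISTRY\\\S+)\s+(\S+)$")

# Constructed sample input: the six IoC lines from the report plus one benign
# control line (a hypothetical key, not taken from the report) that must not match.
SAMPLE_IOCS = [
    r"Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 WINWORD.EXE",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz WINWORD.EXE",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString WINWORD.EXE",
    r"Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS WINWORD.EXE",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily WINWORD.EXE",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU WINWORD.EXE",
    r"Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography WINWORD.EXE",
]


def parse_ioc(line):
    """Split one IoC line into event, registry path and process; None if malformed."""
    m = IOC_RE.match(line.strip())
    if not m:
        return None
    return {"event": m.group(1), "path": m.group(2), "process": m.group(3)}


def classify(path):
    """Return the signature name a registry path falls under, or None."""
    upper = path.upper()
    for name, prefix in SIGNATURES.items():
        if upper.startswith(prefix.upper()):
            return name
    return None


def summarize(lines):
    """Map process -> signature -> sorted list of matching registry paths."""
    hits = defaultdict(lambda: defaultdict(list))
    for line in lines:
        ioc = parse_ioc(line)
        if ioc is None:
            continue  # not a registry IoC line; ignore
        sig = classify(ioc["path"])
        if sig is not None:
            hits[ioc["process"]][sig].append(ioc["path"])
    return {proc: {sig: sorted(paths) for sig, paths in sigs.items()}
            for proc, sigs in hits.items()}


def fingerprinting_verdict(summary, process):
    """Rate how strongly a process looks like it is fingerprinting the host.

    Both signatures together mean CPU and BIOS/SKU details were read, the
    combination a sandbox-detection check typically needs.  The caller still
    has to weigh this against the rest of the report (child processes, network,
    dropped files), which this function does not see.
    """
    sigs = summary.get(process, {})
    if len(sigs) == len(SIGNATURES):
        return "cpu+bios fingerprinting"
    if sigs:
        return "partial: " + ", ".join(sorted(sigs))
    return "none"


if __name__ == "__main__":
    summary = summarize(SAMPLE_IOCS)
    for proc, sigs in summary.items():
        print(f"{proc}: {fingerprinting_verdict(summary, proc)}")
        for sig, paths in sigs.items():
            print(f"  {sig} ({len(paths)} IoCs)")
            for path in paths:
                print(f"    {path}")
```

Treat the verdict as a lead, not a conviction: the process here is WINWORD.EXE itself, and the report records no child process, no network activity and no dropped file, so it cannot distinguish reads made during Word's own startup from reads driven by the document's content. The registry hits become meaningful only alongside a macro-spawned child process, a network connection or a payload written to disk.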
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE (PID 4424)
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\530875900570b3c1af0a91d1af8532ceef4191c80bdd4b260d769f5fc7d900d4.doc" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
-
memory/4424-132-0x00007FFEFC0B0000-0x00007FFEFC0C0000-memory.dmp (filesize 64KB)
memory/4424-133-0x00007FFEFC0B0000-0x00007FFEFC0C0000-memory.dmp (filesize 64KB)
memory/4424-134-0x00007FFEFC0B0000-0x00007FFEFC0C0000-memory.dmp (filesize 64KB)
memory/4424-135-0x00007FFEFC0B0000-0x00007FFEFC0C0000-memory.dmp (filesize 64KB)
memory/4424-136-0x00007FFEFC0B0000-0x00007FFEFC0C0000-memory.dmp (filesize 64KB)
memory/4424-137-0x00007FFEFA050000-0x00007FFEFA060000-memory.dmp (filesize 64KB)
memory/4424-138-0x00007FFEFA050000-0x00007FFEFA060000-memory.dmp (filesize 64KB)