Analysis
- max time kernel: 151s
- max time network: 171s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28-11-2022 10:18
Behavioral task behavioral1
- Sample: e6209da8f4517e28f9a7bddfd673cb898a6de05c5007f6d12cd8ea2b0137964d.doc
- Resource: win7-20221111-en
Behavioral task behavioral2
- Sample: e6209da8f4517e28f9a7bddfd673cb898a6de05c5007f6d12cd8ea2b0137964d.doc
- Resource: win10v2004-20221111-en
General
- Target: e6209da8f4517e28f9a7bddfd673cb898a6de05c5007f6d12cd8ea2b0137964d.doc
- Size: 97KB
- MD5: 103b509ae042c758dee0270027e5b1b7
- SHA1: 8f5ad162f8b38ad6c6541cebf39bf06c1dc7e322
- SHA256: e6209da8f4517e28f9a7bddfd673cb898a6de05c5007f6d12cd8ea2b0137964d
- SHA512: 024e466f3edd5aa8b96b489f23d2652adb91f00154dc1184898cba07b2be0b49e0b5b61a6818e5fd637e7d5be8774c6b297720cdabec0ceb17dd2d9763feec24
- SSDEEP: 768:L8xual1FXgWqUe4mM10APo60XugnrjlT8TchVmXyW:elTneAPo60eOWJ
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes:
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes:
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
- Suspicious behavior: AddClipboardFormatListener (2 IoCs)
  Processes:
  pid | process
  208 | WINWORD.EXE
  208 | WINWORD.EXE
- Suspicious use of SetWindowsHookEx (15 IoCs)
  Processes:
  pid | process
  208 | WINWORD.EXE (15 identical entries)
Processes
-
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\e6209da8f4517e28f9a7bddfd673cb898a6de05c5007f6d12cd8ea2b0137964d.doc" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/208-132-0x00007FFCDE2F0000-0x00007FFCDE300000-memory.dmp (Filesize 64KB)
- memory/208-133-0x00007FFCDE2F0000-0x00007FFCDE300000-memory.dmp (Filesize 64KB)
- memory/208-134-0x00007FFCDE2F0000-0x00007FFCDE300000-memory.dmp (Filesize 64KB)
- memory/208-135-0x00007FFCDE2F0000-0x00007FFCDE300000-memory.dmp (Filesize 64KB)
- memory/208-136-0x00007FFCDE2F0000-0x00007FFCDE300000-memory.dmp (Filesize 64KB)
- memory/208-137-0x00007FFCDBC60000-0x00007FFCDBC70000-memory.dmp (Filesize 64KB)
- memory/208-138-0x00007FFCDBC60000-0x00007FFCDBC70000-memory.dmp (Filesize 64KB)
- memory/208-139-0x000001AB5F23E000-0x000001AB5F240000-memory.dmp (Filesize 8KB)
- memory/208-140-0x000001AB5F23E000-0x000001AB5F240000-memory.dmp (Filesize 8KB)