Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20220901-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28-11-2022 12:14
Behavioral task: behavioral1
- Sample: 8114dad38b72dda05048e3ed3b4fe06d0d5f9b4f6969ff212f7bed97a80a49d9.doc
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: 8114dad38b72dda05048e3ed3b4fe06d0d5f9b4f6969ff212f7bed97a80a49d9.doc
- Resource: win10v2004-20220901-en
General
- Target: 8114dad38b72dda05048e3ed3b4fe06d0d5f9b4f6969ff212f7bed97a80a49d9.doc
- Size: 52KB
- MD5: 0d33fb33f8b7c62cacb865d2c4de31e3
- SHA1: d54ea5c8a659bb4dea8032e86544306de6f62081
- SHA256: 8114dad38b72dda05048e3ed3b4fe06d0d5f9b4f6969ff212f7bed97a80a49d9
- SHA512: 1d6a6df2dc43abdbd9ef43fa206943ac86ea246ff8d3fb9bb6fbed6ae3e975ff6ce77766084da0175ee663b448cd7742556d04622cf9a940a6f975f0169b449f
- SSDEEP: 768:laMYgUV1P9K5LXky6lBFLLjdV6PUb3o/L32r:1YgUV1P9K5LXoFLjFb3E
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes: WINWORD.EXE
  - Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (process: WINWORD.EXE)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (process: WINWORD.EXE)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (process: WINWORD.EXE)
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: WINWORD.EXE
  - Key opened: \REGISTRY\MACHINE\Hardware\Description\System\BIOS (process: WINWORD.EXE)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily (process: WINWORD.EXE)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU (process: WINWORD.EXE)
- Suspicious behavior: AddClipboardFormatListener (2 IoCs)
  Processes: WINWORD.EXE
  - pid 1780, process WINWORD.EXE (same entry for both IoCs)
- Suspicious use of SetWindowsHookEx (20 IoCs)
  Processes: WINWORD.EXE
  - pid 1780, process WINWORD.EXE (same entry for all 20 IoCs)
Processes
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\8114dad38b72dda05048e3ed3b4fe06d0d5f9b4f6969ff212f7bed97a80a49d9.doc" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads