Overview

overview

10

Static

static

806b6bdbd0...04.doc

windows7-x64

10

806b6bdbd0...04.doc

windows10-2004-x64

1

Analysis

  • max time kernel
    114s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-12-2022 08:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204.doc

  • Size

    324KB

  • MD5

    510373e64ab11602490e0e5eb36ef4d1

  • SHA1

    284e402d86e35a510e428bd6dc990e1d6d87a8bc

  • SHA256

    806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204

  • SHA512

    30f536eeccc1200bf69f3adef6214387a17c919f332ca120b56e1d20dfd9e996c4aaa38f4d593ee7d25e05f8add7b17ea02922e3d4ac59403ab1d574c76345ff

  • SSDEEP

    6144:xzAFVteZhTDb2WzbxEvk69q6CC4KEqU/G0VmyhNz+0dfpnXh:CfeqAxEvl9j34KEqcG02sRh

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\806b6bdbd08ad3ce6ef80e98af391220a71b4a69169c159e582067df46a26204.doc" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1436
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:4876

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1436-132-0x00007FFDBE670000-0x00007FFDBE680000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1436-133-0x00007FFDBE670000-0x00007FFDBE680000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1436-134-0x00007FFDBE670000-0x00007FFDBE680000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1436-135-0x00007FFDBE670000-0x00007FFDBE680000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1436-136-0x00007FFDBE670000-0x00007FFDBE680000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1436-137-0x00007FFDBBF80000-0x00007FFDBBF90000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1436-138-0x00007FFDBBF80000-0x00007FFDBBF90000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1436-141-0x00007FFDBE670000-0x00007FFDBE680000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1436-142-0x00007FFDBE670000-0x00007FFDBE680000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1436-143-0x00007FFDBE670000-0x00007FFDBE680000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1436-144-0x00007FFDBE670000-0x00007FFDBE680000-memory.dmp

      Filesize

      64KB

      Download