Analysis
-
max time kernel
113s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
24/02/2023, 13:36
Static task
static1
Behavioral task
behavioral1
Sample
Jiuwu Hi-tech Pricelist February 2023.rtf
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Jiuwu Hi-tech Pricelist February 2023.rtf
Resource
win10v2004-20230220-en
General
-
Target
Jiuwu Hi-tech Pricelist February 2023.rtf
-
Size
1.8MB
-
MD5
556b264242dcc56d9b3f0de7953e59fb
-
SHA1
f55783b7ca683847f624a0892c5e9274c7a1f72c
-
SHA256
19831af2350c4b69c5abfd09278248334c964836ce9b93f9cfb8cd0300fd8e87
-
SHA512
b0d5dcee9bd7b2d175371c7f4455a0ab8dc17d5bd292ee7509180e8759c84a26ce05eae87fa0726d455e2fdaa355b13df846aeb6ebfdc8a71475cab49af906ad
-
SSDEEP
24576:Caexas2pTj4fcktkaBDUopf15clvypcvkfE2g8NyQ2gGj/951WtpWBv5JnDbELgr:Z
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString WINWORD.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU WINWORD.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS WINWORD.EXE -
Suspicious behavior: AddClipboardFormatListener 2 IoCs
pid Process 1804 WINWORD.EXE 1804 WINWORD.EXE -
Suspicious use of SetWindowsHookEx 7 IoCs
pid Process 1804 WINWORD.EXE 1804 WINWORD.EXE 1804 WINWORD.EXE 1804 WINWORD.EXE 1804 WINWORD.EXE 1804 WINWORD.EXE 1804 WINWORD.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Jiuwu Hi-tech Pricelist February 2023.rtf" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1804