5b9c446d910386c0b95b17d459749c51741f68e32571e2f364c28948d8bb730d

Analysis

max time kernel
102s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14-03-2023 08:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17f98169ac0c42c25db515f09299b279.doc
Size

56KB
MD5

17f98169ac0c42c25db515f09299b279
SHA1

d765aa1244c7adcfa772db001109458594fd3692
SHA256

5b9c446d910386c0b95b17d459749c51741f68e32571e2f364c28948d8bb730d
SHA512

4e338255e1ea32e66765bdeb95cc4966b4ebb729654cecb5b4dbeda81ddab42b5c19409e5741faa5cf1bb4dad59532198bccff3803c2097896e71b167737a5ce
SSDEEP

384:JXZI/L5D1r/S6siM38JGI0diBDiEGxrs/2lzBeETJ0YCM7ETp65VHnTpX0jXQnt0:EdGEGxQ/oBeETJ0YCMgTp09ntCQ

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
928	WINWORD.EXE
928	WINWORD.EXE

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
928	WINWORD.EXE
928	WINWORD.EXE
928	WINWORD.EXE
928	WINWORD.EXE
928	WINWORD.EXE
928	WINWORD.EXE
928	WINWORD.EXE
928	WINWORD.EXE
928	WINWORD.EXE
928	WINWORD.EXE
928	WINWORD.EXE
928	WINWORD.EXE
928	WINWORD.EXE
928	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\17f98169ac0c42c25db515f09299b279.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:928

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp

Filesize
30KB

MD5
2f8788f8014ecf795a98c80597d98a04

SHA1
082ed8aebd7757596348b7b3a1147871c8f12b0e

SHA256
52b262b3164e49c0f2fd2ac71fa2edc85466e31c5bee045051c91a92accc13ac

SHA512
87a48a8bfba0906f353012884adf4c4ed145060a63d00b0cd0fba202d677ee3a8bd2c89ff5d4648589da5f3db217ff89271456ac33f90ca6ea54cb57ec9936d1

Download Submit
memory/928-133-0x00007FF9E0E10000-0x00007FF9E0E20000-memory.dmp

Filesize
64KB

Download
memory/928-134-0x00007FF9E0E10000-0x00007FF9E0E20000-memory.dmp

Filesize
64KB

Download
memory/928-135-0x00007FF9E0E10000-0x00007FF9E0E20000-memory.dmp

Filesize
64KB

Download
memory/928-136-0x00007FF9E0E10000-0x00007FF9E0E20000-memory.dmp

Filesize
64KB

Download
memory/928-137-0x00007FF9E0E10000-0x00007FF9E0E20000-memory.dmp

Filesize
64KB

Download
memory/928-138-0x00007FF9DEB10000-0x00007FF9DEB20000-memory.dmp

Filesize
64KB

Download
memory/928-139-0x00007FF9DEB10000-0x00007FF9DEB20000-memory.dmp

Filesize
64KB

Download
memory/928-205-0x00007FF9E0E10000-0x00007FF9E0E20000-memory.dmp

Filesize
64KB

Download
memory/928-206-0x00007FF9E0E10000-0x00007FF9E0E20000-memory.dmp

Filesize
64KB

Download
memory/928-207-0x00007FF9E0E10000-0x00007FF9E0E20000-memory.dmp

Filesize
64KB

Download
memory/928-208-0x00007FF9E0E10000-0x00007FF9E0E20000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads