Overview

overview

4

Static

static

1

db05d76ff9...a.docx

windows7-x64

4

db05d76ff9...a.docx

windows10-2004-x64

1

Analysis

  • max time kernel
    135s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/05/2023, 03:34

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    db05d76ff9a9d3f582bd4278221f244a.docx

  • Size

    232KB

  • MD5

    db05d76ff9a9d3f582bd4278221f244a

  • SHA1

    9ed39c6a3faab057e6c962f0b2aaab07728c5555

  • SHA256

    5cc41e73253431a36c4f41b2c2a33af8dfbf963483c49e9dc9756cecbb7e18ee

  • SHA512

    6412eb404191c6f1bb0b582fa8e6a2eadb5271ebe16b6ec56222f1ed3efde0165ef71d32ead990eb865418eb1881d7545cfcc23a20e52b03fdad90b4a12a7a1f

  • SSDEEP

    6144:xAdWpKCTwpQBKvnmu5DrpmZcBYsW03R9x:qdWNbBK/r5KrCN

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\db05d76ff9a9d3f582bd4278221f244a.docx" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1000

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\8301F94D.emf
          Filesize

          4KB

          MD5

          e88ab5ffb0b736b8f067f340cb61acf9

          SHA1

          dd5d7dd49b658fa32b627ab8867c2853c35e30b0

          SHA256

          496b4f527ac75958552c5f996e7a33dc6c429e26e2b705cd767ac60781dfefa5

          SHA512

          da9c1fe3ece3c3ff03302f37c49e60f2b92019d27d129c4401d62c18070a8259803e6c08b134801ee48f70bf688b1093aee0c56d094a07003c738869c0fa4cfe

          Download Submit

        • memory/1000-133-0x00007FFC6DB90000-0x00007FFC6DBA0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1000-134-0x00007FFC6DB90000-0x00007FFC6DBA0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1000-135-0x00007FFC6DB90000-0x00007FFC6DBA0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1000-136-0x00007FFC6DB90000-0x00007FFC6DBA0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1000-137-0x00007FFC6DB90000-0x00007FFC6DBA0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1000-138-0x00007FFC6B540000-0x00007FFC6B550000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1000-139-0x00007FFC6B540000-0x00007FFC6B550000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1000-194-0x00007FFC6DB90000-0x00007FFC6DBA0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1000-193-0x00007FFC6DB90000-0x00007FFC6DBA0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1000-195-0x00007FFC6DB90000-0x00007FFC6DBA0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1000-196-0x00007FFC6DB90000-0x00007FFC6DBA0000-memory.dmp

          Filesize

          64KB

          Download