382b06fb51f50d0165f77f84a76838f39c85f74081cca24c395a44884dd2d4be

General

Target

382b06fb51f50d0165f77f84a76838f39c85f74081cca24c395a44884dd2d4be_JC.docx
Size

175KB
MD5

1181c5dc9d8e8667f095329a37b489b0
SHA1

c742472eff2156141e0a5d80b275e3871e03a865
SHA256

382b06fb51f50d0165f77f84a76838f39c85f74081cca24c395a44884dd2d4be
SHA512

5f992a497100b967f223e7f1aececbd32875b4e19ed6f40f7b49b097d07dbfa792c3d42a2e12adeb4742f44a10b6cdd4282e026ac72f1aad427fc1c38319b5e6
SSDEEP

3072:GJ6Df0ZFivqx4ja1/WFKW6vh5KabwkiXEswvH2QMHSu1zgLI0HWf2pTyz8elCXTh:uWf0Ovqx4jm+KW6vvKUiXV2HxGS8gLI+

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
1884	WINWORD.EXE
1884	WINWORD.EXE

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeAuditPrivilege	1884	WINWORD.EXE

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1884	WINWORD.EXE
1884	WINWORD.EXE
1884	WINWORD.EXE
1884	WINWORD.EXE
1884	WINWORD.EXE
1884	WINWORD.EXE
1884	WINWORD.EXE
1884	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\382b06fb51f50d0165f77f84a76838f39c85f74081cca24c395a44884dd2d4be_JC.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\68C9F709.emf

Filesize
3KB

MD5
4a103fc1809c8ea381d2acb5380ef4f6

SHA1
6c81d37798c4d78c64e7d3ef7eb2acb317c9ff67

SHA256
1ab8f5abd845ffd0c61a61bb09bfcf20569b80b4496bccb58c623753cf40485c

SHA512
77da8ab022505d77f89749e97628caf4dd8414251cb673598acba8f7d30d1889037fab30094a6ce7dc47293697a6bef28b92364d00129b59d2fc3711c82650f5

Download Submit
memory/1884-16-0x00007FFB73050000-0x00007FFB73245000-memory.dmp

Filesize
2.0MB

Download
memory/1884-19-0x00007FFB73050000-0x00007FFB73245000-memory.dmp

Filesize
2.0MB

Download
memory/1884-3-0x00007FFB330D0000-0x00007FFB330E0000-memory.dmp

Filesize
64KB

Download
memory/1884-4-0x00007FFB330D0000-0x00007FFB330E0000-memory.dmp

Filesize
64KB

Download
memory/1884-6-0x00007FFB73050000-0x00007FFB73245000-memory.dmp

Filesize
2.0MB

Download
memory/1884-5-0x00007FFB330D0000-0x00007FFB330E0000-memory.dmp

Filesize
64KB

Download
memory/1884-7-0x00007FFB330D0000-0x00007FFB330E0000-memory.dmp

Filesize
64KB

Download
memory/1884-8-0x00007FFB73050000-0x00007FFB73245000-memory.dmp

Filesize
2.0MB

Download
memory/1884-17-0x00007FFB73050000-0x00007FFB73245000-memory.dmp

Filesize
2.0MB

Download
memory/1884-10-0x00007FFB73050000-0x00007FFB73245000-memory.dmp

Filesize
2.0MB

Download
memory/1884-12-0x00007FFB73050000-0x00007FFB73245000-memory.dmp

Filesize
2.0MB

Download
memory/1884-11-0x00007FFB30770000-0x00007FFB30780000-memory.dmp

Filesize
64KB

Download
memory/1884-13-0x00007FFB73050000-0x00007FFB73245000-memory.dmp

Filesize
2.0MB

Download
memory/1884-14-0x00007FFB73050000-0x00007FFB73245000-memory.dmp

Filesize
2.0MB

Download
memory/1884-2-0x00007FFB73050000-0x00007FFB73245000-memory.dmp

Filesize
2.0MB

Download
memory/1884-15-0x00007FFB73050000-0x00007FFB73245000-memory.dmp

Filesize
2.0MB

Download
memory/1884-9-0x00007FFB73050000-0x00007FFB73245000-memory.dmp

Filesize
2.0MB

Download
memory/1884-0-0x00007FFB330D0000-0x00007FFB330E0000-memory.dmp

Filesize
64KB

Download
memory/1884-20-0x00007FFB73050000-0x00007FFB73245000-memory.dmp

Filesize
2.0MB

Download
memory/1884-18-0x00007FFB30770000-0x00007FFB30780000-memory.dmp

Filesize
64KB

Download
memory/1884-1-0x00007FFB73050000-0x00007FFB73245000-memory.dmp

Filesize
2.0MB

Download
memory/1884-38-0x00007FFB73050000-0x00007FFB73245000-memory.dmp

Filesize
2.0MB

Download
memory/1884-39-0x00007FFB73050000-0x00007FFB73245000-memory.dmp

Filesize
2.0MB

Download
memory/1884-43-0x00007FFB73050000-0x00007FFB73245000-memory.dmp

Filesize
2.0MB

Download
memory/1884-72-0x00007FFB330D0000-0x00007FFB330E0000-memory.dmp

Filesize
64KB

Download
memory/1884-73-0x00007FFB330D0000-0x00007FFB330E0000-memory.dmp

Filesize
64KB

Download
memory/1884-74-0x00007FFB330D0000-0x00007FFB330E0000-memory.dmp

Filesize
64KB

Download
memory/1884-76-0x00007FFB330D0000-0x00007FFB330E0000-memory.dmp

Filesize
64KB

Download
memory/1884-75-0x00007FFB73050000-0x00007FFB73245000-memory.dmp

Filesize
2.0MB

Download
memory/1884-77-0x00007FFB73050000-0x00007FFB73245000-memory.dmp

Filesize
2.0MB

Download
memory/1884-78-0x00007FFB73050000-0x00007FFB73245000-memory.dmp

Filesize
2.0MB

Download
memory/1884-79-0x00007FFB73050000-0x00007FFB73245000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads