12a313cf1e3b4e50e53e7d4540eb1baad954d6baa309bbdf68dffabc6a69b0dc

General

Target

بررسی رابطه بین سبک های تفکر، باورهای غیر منطقی و شیوه �.doc
Size

2.4MB
MD5

cf54b38c5ac4eb39ec7e60c9d0a61e7a
SHA1

0d906c82ae4e1f5eefdf61baebc5fa9a4c92078f
SHA256

ea8008dcbef93b83954f001ceb518b89ac2b6121bd235291ad3236ea4a4e9c53
SHA512

53605cc836e3c599174e0d38d0e65009aa5889696cd2b709e79f792f04be9432548b548bbbfe3ce31ad466dd0f02eada631d41e925f9f5ff9d8917853db4115e
SSDEEP

24576:/gUkMbhMnLIQvAYqgbEzd00opAi3KRcl6NyvxEogZ:RenL7A3

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
384	WINWORD.EXE
384	WINWORD.EXE

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
384	WINWORD.EXE
384	WINWORD.EXE
384	WINWORD.EXE
384	WINWORD.EXE
384	WINWORD.EXE
384	WINWORD.EXE
384	WINWORD.EXE
384	WINWORD.EXE
384	WINWORD.EXE
384	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\بررسی رابطه بین سبک های تفکر، باورهای غیر منطقی و شیوه �.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\3619C385.emf

Filesize
963KB

MD5
3694c55d7c92de94f383ad9dcb8388d3

SHA1
15b92005e71434bd3c59bb662dd1d69c847ffbe7

SHA256
60c46eb0c88805488dd3a7336da5f1b910bb007efb2d2d8c3207a798fe2b2753

SHA512
beb24bfb97252b74abf33993b022a43e7883171bc1f43e6ad8c4cfe7692a2a7e10fde266d65817f703dce0a4832caf84103c7ced8bbefb9c30f33e222cd751ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\61E0642E.emf

Filesize
963KB

MD5
16d4390cd01e5983480c998eb08667b9

SHA1
529ff8cf4d8b9098e7e5ef19c477cea2942bc8f0

SHA256
fe266d5c72e2fc92c86095b6551e01ff4bb8d1314dad623340b9e04f4a6b7380

SHA512
8408f7ba55498ebd3c52c08cf09f12781e448cce458ed30cabfe4eb37d298848b739e05533e64da0b29d050f543d5e44c32fc75fca3bfe267e1ec8277ff4dd5e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/384-8-0x00007FFDDFE50000-0x00007FFDE0045000-memory.dmp

Filesize
2.0MB

Download
memory/384-96-0x00007FFDDFE50000-0x00007FFDE0045000-memory.dmp

Filesize
2.0MB

Download
memory/384-6-0x00007FFD9FED0000-0x00007FFD9FEE0000-memory.dmp

Filesize
64KB

Download
memory/384-2-0x00007FFD9FED0000-0x00007FFD9FEE0000-memory.dmp

Filesize
64KB

Download
memory/384-7-0x00007FFD9FED0000-0x00007FFD9FEE0000-memory.dmp

Filesize
64KB

Download
memory/384-0-0x00007FFD9FED0000-0x00007FFD9FEE0000-memory.dmp

Filesize
64KB

Download
memory/384-19-0x00007FFDDFE50000-0x00007FFDE0045000-memory.dmp

Filesize
2.0MB

Download
memory/384-10-0x00007FFDDFE50000-0x00007FFDE0045000-memory.dmp

Filesize
2.0MB

Download
memory/384-11-0x00007FFDDFE50000-0x00007FFDE0045000-memory.dmp

Filesize
2.0MB

Download
memory/384-12-0x00007FFDDFE50000-0x00007FFDE0045000-memory.dmp

Filesize
2.0MB

Download
memory/384-13-0x00007FFDDFE50000-0x00007FFDE0045000-memory.dmp

Filesize
2.0MB

Download
memory/384-14-0x00007FFDDFE50000-0x00007FFDE0045000-memory.dmp

Filesize
2.0MB

Download
memory/384-15-0x00007FFD9DD80000-0x00007FFD9DD90000-memory.dmp

Filesize
64KB

Download
memory/384-16-0x00007FFDDFE50000-0x00007FFDE0045000-memory.dmp

Filesize
2.0MB

Download
memory/384-98-0x00007FFDDFE50000-0x00007FFDE0045000-memory.dmp

Filesize
2.0MB

Download
memory/384-4-0x00007FFD9FED0000-0x00007FFD9FEE0000-memory.dmp

Filesize
64KB

Download
memory/384-9-0x00007FFDDFE50000-0x00007FFDE0045000-memory.dmp

Filesize
2.0MB

Download
memory/384-20-0x00007FFD9DD80000-0x00007FFD9DD90000-memory.dmp

Filesize
64KB

Download
memory/384-29-0x00007FFDDFE50000-0x00007FFDE0045000-memory.dmp

Filesize
2.0MB

Download
memory/384-30-0x00007FFDDFE50000-0x00007FFDE0045000-memory.dmp

Filesize
2.0MB

Download
memory/384-31-0x00007FFDDFE50000-0x00007FFDE0045000-memory.dmp

Filesize
2.0MB

Download
memory/384-5-0x00007FFDDFE50000-0x00007FFDE0045000-memory.dmp

Filesize
2.0MB

Download
memory/384-3-0x00007FFDDFE50000-0x00007FFDE0045000-memory.dmp

Filesize
2.0MB

Download
memory/384-1-0x00007FFDDFE50000-0x00007FFDE0045000-memory.dmp

Filesize
2.0MB

Download
memory/384-91-0x00007FFD9FED0000-0x00007FFD9FEE0000-memory.dmp

Filesize
64KB

Download
memory/384-92-0x00007FFD9FED0000-0x00007FFD9FEE0000-memory.dmp

Filesize
64KB

Download
memory/384-94-0x00007FFD9FED0000-0x00007FFD9FEE0000-memory.dmp

Filesize
64KB

Download
memory/384-93-0x00007FFD9FED0000-0x00007FFD9FEE0000-memory.dmp

Filesize
64KB

Download
memory/384-95-0x00007FFDDFE50000-0x00007FFDE0045000-memory.dmp

Filesize
2.0MB

Download
memory/384-18-0x00007FFDDFE50000-0x00007FFDE0045000-memory.dmp

Filesize
2.0MB

Download
memory/384-97-0x00007FFDDFE50000-0x00007FFDE0045000-memory.dmp

Filesize
2.0MB

Download
memory/384-17-0x00007FFDDFE50000-0x00007FFDE0045000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads