ca85d804b8b6847c6bd7af47334fea9b72aea4eac56acd0cbe4b65fe8ea9a5dc

Analysis

max time kernel
209s
max time network
233s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 19:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

396430a2c80995602a86bd2829586c3b.doc
Size

26KB
MD5

396430a2c80995602a86bd2829586c3b
SHA1

ce06e59250e3f277931d905b345f100e5903c5b8
SHA256

ca85d804b8b6847c6bd7af47334fea9b72aea4eac56acd0cbe4b65fe8ea9a5dc
SHA512

928b0062633cc8402e9e75c2652d00b03b18c71d86ef4c05e724375cc83d89e795ee8ec59fa907a4da78e813d94ab295e95d1b8adad0af463dd139280e20198a
SSDEEP

192:PQwsYZXeVz/vkL6XZ+9gIl2/FL2fRpjYtL20JyN:NZXg/U6J+xloFL2f3jYta

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2300	WINWORD.EXE
2300	WINWORD.EXE

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
2300	WINWORD.EXE
2300	WINWORD.EXE
2300	WINWORD.EXE
2300	WINWORD.EXE
2300	WINWORD.EXE
2300	WINWORD.EXE
2300	WINWORD.EXE
2300	WINWORD.EXE
2300	WINWORD.EXE
2300	WINWORD.EXE
2300	WINWORD.EXE
2300	WINWORD.EXE
2300	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\396430a2c80995602a86bd2829586c3b.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\VB2DCD.tmp

Filesize
733B

MD5
148bf7e48448a71e3102e21a51de30bc

SHA1
9853f341d71063bb7a7d0f8c232ec038cc012ef9

SHA256
aeab2089904a35ea4dc12faf539641e4e16eb39c7b0d9b2c902a093d068117a8

SHA512
8195718b45382403bb6debb45d3be21f4ce549cfd0d72e8febfdf9b9d63756c5275f3cf90fa9f01817249a61938161369fc148141a6f85c54267ba2423f60caf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp

Filesize
24KB

MD5
4ef8f0a4319bfa0252deffb3625effc0

SHA1
8660a529dce3ecf92b8f625374c4014525d28cc2

SHA256
dd87f89665ba1fc4561c075d19759400424a3025387f782a2bdadf8e0b54d903

SHA512
3421ba19531d916ecf50d48b65390f1ea99ab8b71ab7b64b3f6cd4013e49ba426adbaf6b48f2305b8ebef2f639952ee397aac322999d863a9bef8a455e1377a7

Download Submit
memory/2300-10-0x00007FFBE6010000-0x00007FFBE6020000-memory.dmp

Filesize
64KB

Download
memory/2300-17-0x00007FFC28730000-0x00007FFC28925000-memory.dmp

Filesize
2.0MB

Download
memory/2300-3-0x00007FFBE87B0000-0x00007FFBE87C0000-memory.dmp

Filesize
64KB

Download
memory/2300-5-0x00007FFC28730000-0x00007FFC28925000-memory.dmp

Filesize
2.0MB

Download
memory/2300-6-0x00007FFBE87B0000-0x00007FFBE87C0000-memory.dmp

Filesize
64KB

Download
memory/2300-8-0x00007FFC28730000-0x00007FFC28925000-memory.dmp

Filesize
2.0MB

Download
memory/2300-7-0x00007FFC28730000-0x00007FFC28925000-memory.dmp

Filesize
2.0MB

Download
memory/2300-9-0x00007FFBE6010000-0x00007FFBE6020000-memory.dmp

Filesize
64KB

Download
memory/2300-0-0x00007FFBE87B0000-0x00007FFBE87C0000-memory.dmp

Filesize
64KB

Download
memory/2300-4-0x00007FFC28730000-0x00007FFC28925000-memory.dmp

Filesize
2.0MB

Download
memory/2300-26-0x00000138C8D10000-0x00000138C9CE0000-memory.dmp

Filesize
15.8MB

Download
memory/2300-2-0x00007FFBE87B0000-0x00007FFBE87C0000-memory.dmp

Filesize
64KB

Download
memory/2300-34-0x00000138C8D10000-0x00000138C9CE0000-memory.dmp

Filesize
15.8MB

Download
memory/2300-38-0x00000138C8D10000-0x00000138C9CE0000-memory.dmp

Filesize
15.8MB

Download
memory/2300-41-0x00000138C8D10000-0x00000138C9CE0000-memory.dmp

Filesize
15.8MB

Download
memory/2300-44-0x00000138C8D10000-0x00000138C9CE0000-memory.dmp

Filesize
15.8MB

Download
memory/2300-45-0x00000138C8D10000-0x00000138C9CE0000-memory.dmp

Filesize
15.8MB

Download
memory/2300-1-0x00007FFBE87B0000-0x00007FFBE87C0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads