Overview

overview

4

Static

static

1

02235151f3...50.doc

windows7-x64

4

02235151f3...50.doc

windows10-2004-x64

1

Analysis

  • max time kernel
    155s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/12/2023, 19:44

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    02235151f3ac3e9f701442a525f7bc50.doc

  • Size

    27KB

  • MD5

    02235151f3ac3e9f701442a525f7bc50

  • SHA1

    4de2e2359b99a29f0747c126a72c3f5e42d6881e

  • SHA256

    a6d16b19c4e6e6c724446ae0e24611953761107585351b647d0f8f0091fbdd57

  • SHA512

    675ca754f18507b7c13aff3f14b29793482b674f0c4a8876e41ccf848d3fbfe9967590d012be33ec3a3943d8ad8c51ed148f57b1d203a954ba43ecdeea866dbe

  • SSDEEP

    192:c3SkKOCt9TVA7R1fqhibVATy0mToTMjtIcuQktQVRC:c3doiR9jbaTy0ycMjtIjt

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\02235151f3ac3e9f701442a525f7bc50.doc" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1008

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp
          Filesize

          25KB

          MD5

          9ed60ea07ab1dcd1fe6be6c23bd8fb46

          SHA1

          2a0be2a3ef109ce1fcd2a394481b5931d63047bc

          SHA256

          fc669a175fbe57f3e5afb523b043ae567f5b9e0d75f1fccb25d50f41e516b78f

          SHA512

          e921583ad563143c44d2021e11137042eddb8be2fa19f9b09928f3badb0bc7ecaaf8074cefeb21b8bc465aadb7f43ae088a488f7659b4faebdc28ea5bae51b4e

          Download Submit

        • memory/1008-12-0x00007FFB556B0000-0x00007FFB558A5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1008-76-0x0000022F58A80000-0x0000022F59A50000-memory.dmp

          Filesize

          15.8MB

          Download

        • memory/1008-2-0x00007FFB15730000-0x00007FFB15740000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1008-4-0x00007FFB556B0000-0x00007FFB558A5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1008-5-0x00007FFB15730000-0x00007FFB15740000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1008-6-0x00007FFB556B0000-0x00007FFB558A5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1008-8-0x00007FFB556B0000-0x00007FFB558A5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1008-7-0x00007FFB15730000-0x00007FFB15740000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1008-9-0x00007FFB556B0000-0x00007FFB558A5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1008-10-0x00007FFB556B0000-0x00007FFB558A5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1008-11-0x00007FFB556B0000-0x00007FFB558A5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1008-0-0x00007FFB15730000-0x00007FFB15740000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1008-3-0x00007FFB556B0000-0x00007FFB558A5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1008-15-0x00007FFB12DD0000-0x00007FFB12DE0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1008-13-0x00007FFB556B0000-0x00007FFB558A5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1008-34-0x0000022F58A80000-0x0000022F59A50000-memory.dmp

          Filesize

          15.8MB

          Download

        • memory/1008-55-0x0000022F58A80000-0x0000022F59A50000-memory.dmp

          Filesize

          15.8MB

          Download

        • memory/1008-57-0x0000022F58A80000-0x0000022F59A50000-memory.dmp

          Filesize

          15.8MB

          Download

        • memory/1008-1-0x00007FFB15730000-0x00007FFB15740000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1008-68-0x0000022F58A80000-0x0000022F59A50000-memory.dmp

          Filesize

          15.8MB

          Download

        • memory/1008-73-0x00007FFB556B0000-0x00007FFB558A5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1008-14-0x00007FFB12DD0000-0x00007FFB12DE0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1008-77-0x0000022F58A80000-0x0000022F59A50000-memory.dmp

          Filesize

          15.8MB

          Download

        • memory/1008-78-0x0000022F58A80000-0x0000022F59A50000-memory.dmp

          Filesize

          15.8MB

          Download

        • memory/1008-79-0x0000022F58A80000-0x0000022F59A50000-memory.dmp

          Filesize

          15.8MB

          Download