928747ffae63987dd8b01f836511980c682254dc51d8e783ef5bc2d26906e58c

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2024 11:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

56668a9da64672a55898308c2e2c34e8.doc
Size

30KB
MD5

56668a9da64672a55898308c2e2c34e8
SHA1

f7d6c97fb0fb8f64501072906b30e03e1fb36c6d
SHA256

928747ffae63987dd8b01f836511980c682254dc51d8e783ef5bc2d26906e58c
SHA512

7a233c1a84e40a80a9ddd87fbf11b370a5f4c0f952d447a332f8f101af203ec3ad616b1861907882f24df7fbdba3ff2515797a31cb4d0a0283b856b334905cee
SSDEEP

192:eQw2OK/hRVDGLhBloCughSqW/5RMlf2y2ujr/WtvPt/Ml99:dheLTzhL4klf2y2ujr/Wt3tM

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1264	WINWORD.EXE

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
1264	WINWORD.EXE
1264	WINWORD.EXE

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1264	WINWORD.EXE

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
1264	WINWORD.EXE
1264	WINWORD.EXE
1264	WINWORD.EXE
1264	WINWORD.EXE
1264	WINWORD.EXE
1264	WINWORD.EXE
1264	WINWORD.EXE
1264	WINWORD.EXE
1264	WINWORD.EXE
1264	WINWORD.EXE
1264	WINWORD.EXE
1264	WINWORD.EXE
1264	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\56668a9da64672a55898308c2e2c34e8.doc" /o ""
1⤵
- Deletes itself
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
PID:1264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Templates\~WRD0003.tmp

Filesize
26KB

MD5
b7f676111870e4c3a68ea21de181a421

SHA1
cb37b73ac3033c525bdafdf433cbcd5c54772fe9

SHA256
9980ee0a94fd89a8f5cc4f50247d6105d17e0e94c5063be64b078080dcce5dca

SHA512
03302391658dc75fb74332727f319d6433b53db4641c33ffb2377a8d9d57522fd7a4e01953e5e40b97f42a828a51e889034f1f7fe3764d69d9faee98e2459cd5

Download Submit
memory/1264-3-0x00007FFC95AD0000-0x00007FFC95AE0000-memory.dmp

Filesize
64KB

Download
memory/1264-152-0x00007FFC95AD0000-0x00007FFC95AE0000-memory.dmp

Filesize
64KB

Download
memory/1264-10-0x00007FFCD5A50000-0x00007FFCD5C45000-memory.dmp

Filesize
2.0MB

Download
memory/1264-13-0x00007FFCD5A50000-0x00007FFCD5C45000-memory.dmp

Filesize
2.0MB

Download
memory/1264-15-0x00007FFCD5A50000-0x00007FFCD5C45000-memory.dmp

Filesize
2.0MB

Download
memory/1264-14-0x00007FFCD5A50000-0x00007FFCD5C45000-memory.dmp

Filesize
2.0MB

Download
memory/1264-18-0x00007FFCD5A50000-0x00007FFCD5C45000-memory.dmp

Filesize
2.0MB

Download
memory/1264-17-0x00007FFC934B0000-0x00007FFC934C0000-memory.dmp

Filesize
64KB

Download
memory/1264-2-0x00007FFCD5A50000-0x00007FFCD5C45000-memory.dmp

Filesize
2.0MB

Download
memory/1264-19-0x00007FFC934B0000-0x00007FFC934C0000-memory.dmp

Filesize
64KB

Download
memory/1264-12-0x00007FFCD5A50000-0x00007FFCD5C45000-memory.dmp

Filesize
2.0MB

Download
memory/1264-11-0x00007FFCD5A50000-0x00007FFCD5C45000-memory.dmp

Filesize
2.0MB

Download
memory/1264-9-0x00007FFC95AD0000-0x00007FFC95AE0000-memory.dmp

Filesize
64KB

Download
memory/1264-8-0x00007FFCD5A50000-0x00007FFCD5C45000-memory.dmp

Filesize
2.0MB

Download
memory/1264-7-0x00007FFC95AD0000-0x00007FFC95AE0000-memory.dmp

Filesize
64KB

Download
memory/1264-5-0x00007FFC95AD0000-0x00007FFC95AE0000-memory.dmp

Filesize
64KB

Download
memory/1264-4-0x00007FFCD5A50000-0x00007FFCD5C45000-memory.dmp

Filesize
2.0MB

Download
memory/1264-1-0x00007FFCD5A50000-0x00007FFCD5C45000-memory.dmp

Filesize
2.0MB

Download
memory/1264-16-0x00007FFCD5A50000-0x00007FFCD5C45000-memory.dmp

Filesize
2.0MB

Download
memory/1264-6-0x00007FFCD5A50000-0x00007FFCD5C45000-memory.dmp

Filesize
2.0MB

Download
memory/1264-92-0x00007FFCD5A50000-0x00007FFCD5C45000-memory.dmp

Filesize
2.0MB

Download
memory/1264-69-0x0000022E4EC10000-0x0000022E4FBE0000-memory.dmp

Filesize
15.8MB

Download
memory/1264-78-0x0000022E4EC10000-0x0000022E4FBE0000-memory.dmp

Filesize
15.8MB

Download
memory/1264-80-0x0000022E4EC10000-0x0000022E4FBE0000-memory.dmp

Filesize
15.8MB

Download
memory/1264-91-0x00007FFCD5A50000-0x00007FFCD5C45000-memory.dmp

Filesize
2.0MB

Download
memory/1264-45-0x0000022E4EC10000-0x0000022E4FBE0000-memory.dmp

Filesize
15.8MB

Download
memory/1264-93-0x00007FFCD5A50000-0x00007FFCD5C45000-memory.dmp

Filesize
2.0MB

Download
memory/1264-94-0x0000022E49960000-0x0000022E49D60000-memory.dmp

Filesize
4.0MB

Download
memory/1264-95-0x0000022E4EC10000-0x0000022E4FBE0000-memory.dmp

Filesize
15.8MB

Download
memory/1264-135-0x0000022E4EC10000-0x0000022E4FBE0000-memory.dmp

Filesize
15.8MB

Download
memory/1264-0-0x00007FFC95AD0000-0x00007FFC95AE0000-memory.dmp

Filesize
64KB

Download
memory/1264-136-0x0000022E4EC10000-0x0000022E4FBE0000-memory.dmp

Filesize
15.8MB

Download
memory/1264-156-0x00007FFCD5A50000-0x00007FFCD5C45000-memory.dmp

Filesize
2.0MB

Download
memory/1264-155-0x00007FFCD5A50000-0x00007FFCD5C45000-memory.dmp

Filesize
2.0MB

Download
memory/1264-154-0x00007FFC95AD0000-0x00007FFC95AE0000-memory.dmp

Filesize
64KB

Download
memory/1264-153-0x00007FFC95AD0000-0x00007FFC95AE0000-memory.dmp

Filesize
64KB

Download
memory/1264-27-0x0000022E49960000-0x0000022E49D60000-memory.dmp

Filesize
4.0MB

Download
memory/1264-151-0x00007FFC95AD0000-0x00007FFC95AE0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads