Analysis
max time kernel: 133s
max time network: 134s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
submitted: 09/02/2024, 13:49
Static task: static1
Behavioral task: behavioral1
Sample: Order Specification.docx
Resource: win10v2004-20231215-en
General
Target: Order Specification.docx
Size: 1.9MB
MD5: 8417c579dc41ca5bf7e917121a3b3e49
SHA1: 5caec24751932b1152125e2b405364b7a2762291
SHA256: 6180214e6bac17bdaa2b0a17490cc17a13ad2cf0aed7061910e6e58552afc0db
SHA512: 72d3622e0d0774b9c7d488ffdd2c473094170bcdd81fb0fbdb02502fb19ac2e4dd518ad59a439c60c05a3658594504126c655c4720ee11bfd77ecf1c4364afe1
SSDEEP: 49152:J2AXONpW9eRk6vnJgxsihNHivFyBKsTCCBXL0x6hTe46hyE/L3xd98:J2fNNu6v2xsiLivFdqCGoQhC4iZ/LxdG
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE
Suspicious behavior: AddClipboardFormatListener (2 IoCs)
pid | Process
2188 | WINWORD.EXE
2188 | WINWORD.EXE
Suspicious use of SetWindowsHookEx (7 IoCs)
pid | Process
2188 | WINWORD.EXE
2188 | WINWORD.EXE
2188 | WINWORD.EXE
2188 | WINWORD.EXE
2188 | WINWORD.EXE
2188 | WINWORD.EXE
2188 | WINWORD.EXE
Processes
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Order Specification.docx" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2188
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 5KB
MD5: d3f85acc7fde0b72c69bb97e7746c666
SHA1: ab6492be0ba3d02a69a520021b50029026340790
SHA256: af2777323520bc44447af0e66e48e43cd8955bec08586b763bd590b27ee1ba7d
SHA512: 25d7faf0c81ac76dd8d425e53c9a7d0b1a2277765c1f3d91f8ca38ea0d17d43ec653b1460548a10eeb212e8995bda399a52c83ea14ca3518af9748966ce643c6