f839a54f9b34610b91a1228de033fee3b510bcb35684c692acdfb8f9399a9b53

Analysis

max time kernel
101s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
12/02/2024, 05:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96531aa92fea384f3764c32979dd04ac.doc
Size

41KB
MD5

96531aa92fea384f3764c32979dd04ac
SHA1

b74714618cbcbd5832d5924c76a3743c57ac57f9
SHA256

f839a54f9b34610b91a1228de033fee3b510bcb35684c692acdfb8f9399a9b53
SHA512

478357c39bd29d802b3fa0e15c0d0c3fce0f5d04aee6d3147cd97380c18666d5c4187b8335a473d4a2cbd86499b62df260314179a06bc7dd816c1210d81fe8d6
SSDEEP

384:lcxbjuWOm2EuCqzRsvGuX2yD2DLns56FVNeE5O/SBVHXaaw0xAtFGBH:lcxbjHOmz4zR42vsQRcK2f0xK4H

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
4844	WINWORD.EXE

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Temp\~WRD0002.tmp\:Zone.Identifier:$DATA	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4844	WINWORD.EXE
4844	WINWORD.EXE

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
4844	WINWORD.EXE
4844	WINWORD.EXE
4844	WINWORD.EXE
4844	WINWORD.EXE
4844	WINWORD.EXE
4844	WINWORD.EXE
4844	WINWORD.EXE
4844	WINWORD.EXE
4844	WINWORD.EXE
4844	WINWORD.EXE
4844	WINWORD.EXE
4844	WINWORD.EXE
4844	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\96531aa92fea384f3764c32979dd04ac.doc" /o ""
1⤵
- Deletes itself
- Checks processor information in registry
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\VB50C0.tmp

Filesize
8KB

MD5
5a9583a46298dab96c11d14020f68454

SHA1
3708a58a12b637e2236f48a4bd170670ad120fa6

SHA256
66573ff2d4a95363bae5ea05cdd51859275fb842c81a281e2844799113c18bc9

SHA512
562e3896f208e159482dad3dfa1b5da58e6b0498ab7e2f91e5d2febe560ac8074798c05f323a8b550affbd0e700fbb41d95724ec6899c08257ccdf4da487118a

Download Submit
C:\Users\Admin\AppData\Local\Temp\~WRD0002.tmp

Filesize
46KB

MD5
386bf9949f0e6f61baef1045bb15b5b9

SHA1
9803d4883af87d3034deca2fc9f73b247412d28e

SHA256
ffbd3d3bfb5b6454284783f155d235aa5e96113e73704f85da33dcfeba22f9ef

SHA512
ee3299247358602e6a87e3432ca8a7f6e1ea08a0c9d5cea25721bb4d6196d3924430c369ec62b892d21ab9ba6a69a0d8e75c15e1eacc333bfb29d478e5840ac9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp

Filesize
31KB

MD5
afa34f02ffba2cc3cad57004ed7c9040

SHA1
f8ac81657b3223a93ff8f3f0acec63170fae0dcf

SHA256
1043be6db31776ada58de6d14a27cfc79b980f30af1e801b3ea252e12862907a

SHA512
2fe8335f5972189689360fd11b9f371cbf8f090324a8db13549a377d445ccc48dce4c7b96b615e3f6d9b368885457cc0aa60854d3e4a0441030c757f531c4cc2

Download Submit
memory/4844-36-0x00000242643C0000-0x0000024264BC0000-memory.dmp

Filesize
8.0MB

Download
memory/4844-43-0x00000242682F0000-0x00000242692C0000-memory.dmp

Filesize
15.8MB

Download
memory/4844-45-0x00000242682F0000-0x00000242692C0000-memory.dmp

Filesize
15.8MB

Download
memory/4844-5-0x00007FF8A3C70000-0x00007FF8A3C80000-memory.dmp

Filesize
64KB

Download
memory/4844-7-0x00007FF8A3C70000-0x00007FF8A3C80000-memory.dmp

Filesize
64KB

Download
memory/4844-8-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/4844-10-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/4844-11-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/4844-12-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/4844-9-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/4844-14-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/4844-13-0x00007FF8A1510000-0x00007FF8A1520000-memory.dmp

Filesize
64KB

Download
memory/4844-15-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/4844-17-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/4844-16-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/4844-19-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/4844-21-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/4844-20-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/4844-18-0x00007FF8A1510000-0x00007FF8A1520000-memory.dmp

Filesize
64KB

Download
memory/4844-0-0x00007FF8A3C70000-0x00007FF8A3C80000-memory.dmp

Filesize
64KB

Download
memory/4844-4-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/4844-39-0x00000242682F0000-0x00000242692C0000-memory.dmp

Filesize
15.8MB

Download
memory/4844-6-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/4844-46-0x00000242682F0000-0x00000242692C0000-memory.dmp

Filesize
15.8MB

Download
memory/4844-3-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/4844-1-0x00007FF8A3C70000-0x00007FF8A3C80000-memory.dmp

Filesize
64KB

Download
memory/4844-67-0x00000242682F0000-0x00000242692C0000-memory.dmp

Filesize
15.8MB

Download
memory/4844-68-0x00000242643C0000-0x0000024264BC0000-memory.dmp

Filesize
8.0MB

Download
memory/4844-78-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/4844-79-0x00000242682F0000-0x00000242692C0000-memory.dmp

Filesize
15.8MB

Download
memory/4844-80-0x00000242643C0000-0x0000024264BC0000-memory.dmp

Filesize
8.0MB

Download
memory/4844-81-0x00000242682F0000-0x00000242692C0000-memory.dmp

Filesize
15.8MB

Download
memory/4844-82-0x00000242682F0000-0x00000242692C0000-memory.dmp

Filesize
15.8MB

Download
memory/4844-83-0x00000242643C0000-0x0000024264BC0000-memory.dmp

Filesize
8.0MB

Download
memory/4844-2-0x00007FF8A3C70000-0x00007FF8A3C80000-memory.dmp

Filesize
64KB

Download
memory/4844-102-0x00000242682F0000-0x00000242692C0000-memory.dmp

Filesize
15.8MB

Download
memory/4844-106-0x000002425A7F0000-0x000002425A9F0000-memory.dmp

Filesize
2.0MB

Download
memory/4844-124-0x00007FF8A3C70000-0x00007FF8A3C80000-memory.dmp

Filesize
64KB

Download
memory/4844-125-0x00007FF8E3BF0000-0x00007FF8E3DE5000-memory.dmp

Filesize
2.0MB

Download
memory/4844-123-0x00007FF8A3C70000-0x00007FF8A3C80000-memory.dmp

Filesize
64KB

Download
memory/4844-122-0x00007FF8A3C70000-0x00007FF8A3C80000-memory.dmp

Filesize
64KB

Download
memory/4844-121-0x00007FF8A3C70000-0x00007FF8A3C80000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads