365ce54191af6d00a8c9a8c1a1c5ffe39c0e8015f55d0687d546d3a0c7bb538b

Analysis

max time kernel
35s
max time network
20s
platform
windows10-1703_x64
resource
win10-20240214-en
resource tags

arch:x64arch:x86image:win10-20240214-enlocale:en-usos:windows10-1703-x64system
submitted
19/02/2024, 08:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bel07.docx
Size

247KB
MD5

a124da9c6b56b18c6ecac43c3ece5c0c
SHA1

c15182509a6b28c37efb03e25c89d39a891a946a
SHA256

365ce54191af6d00a8c9a8c1a1c5ffe39c0e8015f55d0687d546d3a0c7bb538b
SHA512

e09f2bd5d4de905f4d8491d1c30e5f43381b6793b68825352e8b72858f95e79d134f0b56a18403bbcf1edb21e05c854113d4d91cdb3090710dc6c493caa5082a
SSDEEP

6144:7XdAJBt9CoZ8cfxNdezCmWvdQ7c5m6J8VnVKtKVz:TgFZ5OCmW1Q7mqOC

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
1620	WINWORD.EXE
1620	WINWORD.EXE

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1620	WINWORD.EXE
1620	WINWORD.EXE
1620	WINWORD.EXE
1620	WINWORD.EXE
1620	WINWORD.EXE
1620	WINWORD.EXE
1620	WINWORD.EXE
1620	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Bel07.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\A4BA41FB.emf

Filesize
5KB

MD5
3bc2455afef45f0951e957e94a07af3a

SHA1
e4ee9ac668c2e0a3bace22378efa4a7ee37830e4

SHA256
d0b248b9a6f05b56686873b1a4f8e14a2cba67b3c2dc8e15c7f6326c47bdb128

SHA512
3cf42e57ed89bbd5e6b07fde978b184e691367852e572d441943c757fb1c5d73d43a431939050565ed16c93ac1d491b0ff06f554d093bd8e7f30680d84aabf04

Download Submit
memory/1620-16-0x00007FF95E680000-0x00007FF95E85B000-memory.dmp

Filesize
1.9MB

Download
memory/1620-25-0x00007FF95E680000-0x00007FF95E85B000-memory.dmp

Filesize
1.9MB

Download
memory/1620-3-0x00007FF95E680000-0x00007FF95E85B000-memory.dmp

Filesize
1.9MB

Download
memory/1620-4-0x00007FF91E710000-0x00007FF91E720000-memory.dmp

Filesize
64KB

Download
memory/1620-5-0x00007FF95E680000-0x00007FF95E85B000-memory.dmp

Filesize
1.9MB

Download
memory/1620-8-0x00007FF95E680000-0x00007FF95E85B000-memory.dmp

Filesize
1.9MB

Download
memory/1620-9-0x00007FF95E680000-0x00007FF95E85B000-memory.dmp

Filesize
1.9MB

Download
memory/1620-10-0x00007FF95E680000-0x00007FF95E85B000-memory.dmp

Filesize
1.9MB

Download
memory/1620-12-0x00007FF95E680000-0x00007FF95E85B000-memory.dmp

Filesize
1.9MB

Download
memory/1620-11-0x00007FF91BB10000-0x00007FF91BB20000-memory.dmp

Filesize
64KB

Download
memory/1620-13-0x00007FF95E680000-0x00007FF95E85B000-memory.dmp

Filesize
1.9MB

Download
memory/1620-14-0x00007FF95E680000-0x00007FF95E85B000-memory.dmp

Filesize
1.9MB

Download
memory/1620-15-0x00007FF95E680000-0x00007FF95E85B000-memory.dmp

Filesize
1.9MB

Download
memory/1620-0-0x00007FF91E710000-0x00007FF91E720000-memory.dmp

Filesize
64KB

Download
memory/1620-2-0x00007FF91E710000-0x00007FF91E720000-memory.dmp

Filesize
64KB

Download
memory/1620-19-0x00007FF95E680000-0x00007FF95E85B000-memory.dmp

Filesize
1.9MB

Download
memory/1620-18-0x00007FF95E680000-0x00007FF95E85B000-memory.dmp

Filesize
1.9MB

Download
memory/1620-21-0x00007FF95BF70000-0x00007FF95C01E000-memory.dmp

Filesize
696KB

Download
memory/1620-23-0x00007FF95E680000-0x00007FF95E85B000-memory.dmp

Filesize
1.9MB

Download
memory/1620-17-0x00007FF91BB10000-0x00007FF91BB20000-memory.dmp

Filesize
64KB

Download
memory/1620-28-0x00007FF95E680000-0x00007FF95E85B000-memory.dmp

Filesize
1.9MB

Download
memory/1620-29-0x00007FF95E680000-0x00007FF95E85B000-memory.dmp

Filesize
1.9MB

Download
memory/1620-30-0x00007FF95E680000-0x00007FF95E85B000-memory.dmp

Filesize
1.9MB

Download
memory/1620-26-0x00007FF95E680000-0x00007FF95E85B000-memory.dmp

Filesize
1.9MB

Download
memory/1620-32-0x00007FF95E680000-0x00007FF95E85B000-memory.dmp

Filesize
1.9MB

Download
memory/1620-1-0x00007FF91E710000-0x00007FF91E720000-memory.dmp

Filesize
64KB

Download
memory/1620-197-0x00007FF95E680000-0x00007FF95E85B000-memory.dmp

Filesize
1.9MB

Download
memory/1620-198-0x00007FF95E680000-0x00007FF95E85B000-memory.dmp

Filesize
1.9MB

Download
memory/1620-199-0x00007FF95E680000-0x00007FF95E85B000-memory.dmp

Filesize
1.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads