Overview

overview

1

Static

static

1

Vesture_WW...).docx

windows11-21h2-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    147s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240214-en
  • resource tags

    arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    19/02/2024, 17:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Vesture_WW2_PD (3).docx

  • Size

    333KB

  • MD5

    b280ef1e61e0eb8789dc36086aa6980e

  • SHA1

    6cace6c59d0c331743af3855d1d4bd6b48be9c69

  • SHA256

    53d8bef4d0952cde8177b1f9933660f27681888b603a0cc5b6bc27b72cea531f

  • SHA512

    3d51495d18570a98cbbab74addb7fa99d5e41a488a98989c1b9eca4363579ddedd8b4311d80faa0439e334aa339322b21d54c3e5612992bd94b1c0a76025415d

  • SSDEEP

    6144:yTkI/wkQ/CtLhzHJ1fePtLhKysE8I/Nvt8gCPIBviYUz/Mt2u:AbokQiLhTJFePthsas46fiP

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Suspicious behavior: AddClipboardFormatListener 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 29 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Vesture_WW2_PD (3).docx" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:5072
  • C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
    "C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:4628
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /0
    1⤵
    • Checks SCSI registry key(s)
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3176
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
    1⤵
      PID:4396
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
      1⤵
        PID:2536

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\F5069F19-EF99-4F92-83A1-56B90FEFB9D2
        Filesize

        159KB

        MD5

        2a0aeb8b9e51c2ee87654bcd485140a0

        SHA1

        1fc68e061ca5e76ba5c9b10e74f4f1958cc28b89

        SHA256

        65466a56e528b460ef2d9e71800f83c2fc3f5215cfc28d1c9e9816e332143d26

        SHA512

        360d6fb3acf48e933229b90e42afe24d9b228704e3a61079d5976a97db95ac133ba06140fcc2d45e76921291ba0e2dbfd52794de7f0ecf6b94544286bedff598

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Office\DLP\TenantInfo.xml
        Filesize

        76B

        MD5

        0f8eb2423d2bf6cb5b8bdb44cb170ca3

        SHA1

        242755226012b4449a49b45491c0b1538ebf6410

        SHA256

        385347c0cbacdd3c61d2635fbd390e0095a008fd75eeb23af2f14f975c083944

        SHA512

        a9f23a42340b83a2f59df930d7563e8abd669b9f0955562cd3c2872e2e081f26d6d8b26357972b6d0423af05b2392bddbb46da769788e77fd169b3264ff53886

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
        Filesize

        2B

        MD5

        f3b25701fe362ec84616a93a45ce9998

        SHA1

        d62636d8caec13f04e28442a0a6fa1afeb024bbb

        SHA256

        b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

        SHA512

        98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Microsoft\Word\AutoRecovery save of Vesture_WW2_PD (3).asd
        Filesize

        357KB

        MD5

        1acfa9857b6bc9d2a2014c935df13341

        SHA1

        0baa355c34568d135852d0fc0b2395e571b349f9

        SHA256

        b012f153968a81b91a0176a1dd7a9aff5ba6c3acad61abcecf0a5b87667fef22

        SHA512

        6cad69e399a8a27e6540b485d95a64ba0326a5addecf8183b430826cbb76b4a4722c2a6d22b6624efca74e9decc00d54bb58dfe8ed430db8f976f890996bda21

        Download Submit

      • memory/3176-128-0x0000027004120000-0x0000027004121000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3176-127-0x0000027004120000-0x0000027004121000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3176-126-0x0000027004120000-0x0000027004121000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3176-129-0x0000027004120000-0x0000027004121000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3176-117-0x0000027004120000-0x0000027004121000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3176-118-0x0000027004120000-0x0000027004121000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3176-119-0x0000027004120000-0x0000027004121000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3176-125-0x0000027004120000-0x0000027004121000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3176-124-0x0000027004120000-0x0000027004121000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3176-123-0x0000027004120000-0x0000027004121000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4628-95-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4628-98-0x00007FF9AB420000-0x00007FF9AB4DD000-memory.dmp

        Filesize

        756KB

        Download

      • memory/4628-116-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4628-115-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4628-97-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4628-96-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4628-94-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4628-92-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4628-93-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4628-91-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4628-90-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4628-89-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4628-87-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4628-85-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4628-84-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4628-77-0x00007FF96C850000-0x00007FF96C860000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4628-76-0x00007FF96C850000-0x00007FF96C860000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4628-78-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4628-80-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4628-79-0x00007FF96C850000-0x00007FF96C860000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4628-75-0x00007FF96C850000-0x00007FF96C860000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4628-74-0x00007FF96C850000-0x00007FF96C860000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4628-81-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4628-82-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5072-12-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5072-6-0x00007FF96C850000-0x00007FF96C860000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5072-13-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5072-71-0x00007FF96C850000-0x00007FF96C860000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5072-73-0x00007FF9AB420000-0x00007FF9AB4DD000-memory.dmp

        Filesize

        756KB

        Download

      • memory/5072-69-0x00007FF96C850000-0x00007FF96C860000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5072-68-0x00007FF96C850000-0x00007FF96C860000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5072-14-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5072-31-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5072-30-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5072-0-0x00007FF96C850000-0x00007FF96C860000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5072-29-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5072-72-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5072-18-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5072-70-0x00007FF96C850000-0x00007FF96C860000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5072-10-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5072-15-0x00007FF96A500000-0x00007FF96A510000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5072-17-0x00007FF9AB420000-0x00007FF9AB4DD000-memory.dmp

        Filesize

        756KB

        Download

      • memory/5072-11-0x00007FF96A500000-0x00007FF96A510000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5072-9-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5072-8-0x00007FF96C850000-0x00007FF96C860000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5072-7-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5072-3-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5072-16-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5072-5-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5072-4-0x00007FF96C850000-0x00007FF96C860000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5072-1-0x00007FF96C850000-0x00007FF96C860000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5072-2-0x00007FF9AC7C0000-0x00007FF9AC9C9000-memory.dmp

        Filesize

        2.0MB

        Download