Analysis
-
max time kernel
146s
-
max time network
154s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240221-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20240221-en locale:en-us os:windows10-2004-x64 system
-
submitted
25-02-2024 16:13
Static task
static1
Behavioral task
behavioral1
Sample
a4389b334e80bd96442138b2dd196209.rtf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
a4389b334e80bd96442138b2dd196209.rtf
Resource
win10v2004-20240221-en
General
-
Target
a4389b334e80bd96442138b2dd196209.rtf
-
Size
224KB
-
MD5
a4389b334e80bd96442138b2dd196209
-
SHA1
10c1fd3c31c77a7fc99b68d28e541260da50c4ee
-
SHA256
c3b5503a0a89fd2eae9a77ff92eef69f08d68b963140b0a31721bb4960545e07
-
SHA512
f3fb03d9e77953bf6d965835086be917f416728f940fc796cd13b05abd61286ce262682057bdb8bb65b112786edeada5f0301b2968e72ce678cdf239ccfc5443
-
SSDEEP
1536:+r4DOTg8X0t9yOo6SnDsxI2+6VkoZoOfRb9JmkjJydLksx0ChndVXDke/zmCOcmY:+cDh8OMgoIXmCkpF0SjzPmKUqZBZTw2
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
pid | Process
652 | WINWORD.EXE
652 | WINWORD.EXE
-
Suspicious use of SetWindowsHookEx 18 IoCs
pid | Process
652 | WINWORD.EXE (entry repeated 18 times)
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\a4389b334e80bd96442138b2dd196209.rtf" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:652
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
11KB
-
MD5
20544ad79cfceb5ceca82000f42402b2
-
SHA1
21774f5ec4c423b0b43b5a67c685034cba055a77
-
SHA256
2cb2ec03ab707cf12db719e4de178fb05c8d799f54cfae07647e69e8d6a55331
-
SHA512
e2d1652e749b9ee6ea933375a2dbf659c34d5b0aa1216644d1839553c62a129409ef1442272c53bea529d541a62a88621e96926af3bba492fedc6508ecf3d05b