547171ee5d4f584ef9926173f864b614b2717b44de1f8d91b767b08f69365a70

Analysis

max time kernel
143s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 13:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UploadFiles/indentAttFile/2011010414458441.doc
Size

69KB
MD5

d59c40cb0d61775131806c246a9fddf7
SHA1

eef6a74ff26fce4ea6aaf89f0e6f8088d0bb8b06
SHA256

2906184d642ef37fb2f7a26cd63fa9549788f57d0b9449781b8095fa0c2c3cce
SHA512

a939a574edb6fb53c45b17178a4d89d5071ee6b2c3cf111f2a80f50a2ef0ece378f639f685da77d3948891c1424d88346e482136bd5bedfaff04097945fb5e75
SSDEEP

384:wL0ohCL+YkTAyHjTkgDXKvTyAjoLkOVh6ffRUDLaUlBfLuQBbxnUAFYo7aAyIyvy:ZoS9kTL8ZYXF4vK/XKqjdYOs5n

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4976	WINWORD.EXE
4976	WINWORD.EXE

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
4976	WINWORD.EXE
4976	WINWORD.EXE
4976	WINWORD.EXE
4976	WINWORD.EXE
4976	WINWORD.EXE
4976	WINWORD.EXE
4976	WINWORD.EXE
4976	WINWORD.EXE
4976	WINWORD.EXE
4976	WINWORD.EXE
4976	WINWORD.EXE
4976	WINWORD.EXE
4976	WINWORD.EXE
4976	WINWORD.EXE
4976	WINWORD.EXE
4976	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\UploadFiles\indentAttFile\2011010414458441.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1FCCD81C.wmf

Filesize
758B

MD5
9b6dfc7ae54090d251e8733d23099a50

SHA1
1e7dcadcab92e99c6cf49a6dd80317223f24cc16

SHA256
c43ebe43063ecc22ffabd59aaf34d4ffcacd1da434fefd7a102c16e9275ba22c

SHA512
1db6aa25a0c721ac3789d8b8ee445c65ae29dbbc00eed1615a98d7753902bda4ae07a42cf5eaa7e7cd8ec043fcc1efb6a2fe6cc99ed93cb0ba690a46c79a9519

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4BCBF865.wmf

Filesize
534B

MD5
5956f79632c0624a94d97ace099fbf0b

SHA1
5e6b0d10f8eb0e19388a7c3eebd7bef2e0174cec

SHA256
b9499025a58c04f6a9ac92e80424ad7f558ad78ffea265e987dc5b7c5d599030

SHA512
eb712dd01cbe45b9953a5e8ce9cc61003ac4454f348f607772cef19990054e3b2b929e5c797b5605c3834495af9e6288d108b17ae4fd3961be1c30a80b3bce0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\517A1709.wmf

Filesize
490B

MD5
aabf1cb5344c29c354ff84e2c7ec2134

SHA1
3cee7ef56dba817406bb65d549a52cf9fb6282af

SHA256
4cbcb7f763d387d021efe2f2b73e1e0121c15ac1093bce11eefa44eef2411af3

SHA512
ca7e8469ae8dd796615dc180ad1bd30ac61ffdb8884d8acec3f8b45cfe8d674447c29cc7d0790b82a882aa3dae9cf67d5c60c3cb439fab9f65575811adaf2b05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\563E216D.wmf

Filesize
564B

MD5
374ad37fb66a683bf71b07c85d49d6b5

SHA1
ff4b75e99020b10563def797f41a1407259f138c

SHA256
f5adde09ab867056525d0fa3157b1e1b160db9e2f71b654a5082a117bb0e2b5f

SHA512
be97aec459c4c4628ebed7fb65c69c81a647c035503a5db2332ece7114cfd698a594794952de4a50b4b9333f6d4462f6017df18e720f522333bac73b2fada6f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\5DF8A303.wmf

Filesize
490B

MD5
b872a712ea4dc00375ee3ba17ecb4229

SHA1
6d13a441b67c2bd029e29eb803610e59d73f46b2

SHA256
a12aa10eb0e66ed38b12d4f709cf4ff45e57736647b6f00fe2660ea9912c3dab

SHA512
41523197576321980006658b568dca8830d8d14326909f11626f7f8eec8585eb4b59ddf709c77ab2be15b71f46a1446b2f316f5b497015718960839e885ff1ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\661E208A.wmf

Filesize
506B

MD5
d700c0e109fc41cbccb2e195aa2daf01

SHA1
2a192b3521535d8df943bad4ee04d5bc13500395

SHA256
074cde8ed9ad45493cd24f90087c6b03c01808874a87fe0174b8f77cb53dcc68

SHA512
c379fb901805f92dbf0912e6d9bd66ced2659ac21fdc78265fe2f78325eab505ffad8434493b626e38ebb99faf3c2c5e0e5ca0260c194924d61458b3bd79e198

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\82F1D6FF.wmf

Filesize
778B

MD5
7ebac7677d00f1bf34f59c223907a799

SHA1
f3fa962561d1d1bd7fc58a0a68c98204636cf6b2

SHA256
df0406c366458200e663741c36b76516cac2edebc3bd2ad939f72e3b5e7714d8

SHA512
a0ad9648b3f0b0e30358393feda1196dd21e2a3cc46d41133e09edc0148a685f922abbc1c5b337bf5b942b8c31e93979a53aafa96064eec5f5ba49478a5c8d04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\841C176.wmf

Filesize
696B

MD5
4c4f14234641dc8d88744839eebbf39e

SHA1
a2b97844e0b9e28254af0cbc884c472f20046420

SHA256
ee6cae41c5e71a48bb83d579d00db2b615fb1710f037914606671e4dd44cb2df

SHA512
bb3463753b855b9578ef5e083b418aaa816b0b686c69835b13826bbca9600363fffbface12b9433aaf84258ea79c921a38aa21539c1c05d47c9c8d92a817cd6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\863715D0.wmf

Filesize
402B

MD5
368c3e7eed5031ca748a913b675c41e7

SHA1
95c22aeab4bd57d22706da092457f97c96c482a8

SHA256
9f9a9152cad10b863b7e585b5e50a05c271dd73fbdfbf6df5c37222da0eb3d3b

SHA512
b682455238f57a7b5f7e46ac7d7345d3c981093f02dbe1bb46cbfe8dd4e5ac9e6b3e0b2831f56d61acfeeee212d3766111b85032081abb13e45b04659e0d4ba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\89C7E0D8.wmf

Filesize
606B

MD5
2916e08714b8685caaee85ce3d4257a6

SHA1
b9f54b27f6798c393c937081fa9e5b9e99b4f93a

SHA256
e64a2746b7a2a73d422728c08aa9a694f8e3bd40b9d8e3869a3e57b854724ece

SHA512
d3482f6f850b177bb736bc430644209e7f65422b949351fd43ce3a14af423357fed8053a430949ce7d20f4645e1e08b3491b745366cd3e4042c0c6d3e107a990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\97D47AF9.wmf

Filesize
452B

MD5
cf352ed37f4a54bf7a7e07121504cd4f

SHA1
1deeb11b269ce3db9fbc81855d5ac5307d1bd798

SHA256
bc8e882ecdb14abd3f168275d53fbc3577b58e5350c06fe8985582402414d429

SHA512
4634aeed613f9874b55d3ac3c1007bbefeb0836baa3be7305d9c30e74c03a9047a6243c9cec666758bb111ea86fbb63348119f05800d8e81735f4d8b6d30666e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\C1DE7928.wmf

Filesize
490B

MD5
b6d51080cb50efc33b17011f9ed79fb1

SHA1
5cca986e67f99c744a9bc796c1f3f644de59cc0d

SHA256
3bd32253f0beb6ec0c2aa2f40e95ab48174a4c77b9c492e0f5aacd357464090a

SHA512
bd2349a69b96d52a280c7635439987c152a3339fb6b8e166ec13dbd9152ac0b35ba2870239eee4b19b0856f7ddea98a83ec1118c37805ea1124719b2845e3560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\C48B94C7.wmf

Filesize
420B

MD5
243cb7e63c75a954abe8166f98700ab1

SHA1
aa0aadf8c230331dc66d2d42cf08cec57b05b487

SHA256
f6ed4dccb51f71aafa2a6a8d0f6c61879dfa7845956e9ae5caecd1e16792bb00

SHA512
823e5b619e70cb8a26ea65cceb936d00e5ee5d8879e348249591b1b725603fd7b493652083abc67c27687164d3fe42f38ff120c0750b19155f3bf7c24771cd5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\CA39ED73.wmf

Filesize
436B

MD5
1b45bcb64999b3c2a32b40944e6b064c

SHA1
ba91238e63e77c96b7932c4125458b75cab1d21c

SHA256
abb2cd76e5e1bc6e44322b7238b1405518c8a13907ca00f8065cc6d2cda4eb39

SHA512
7b5f4d920f0d3486675ec08444c25e9641be0584eddcc406269ea3a017414d919e3213503c22e158411c4708d752e3073767ebdad2afefa6342d6a34b106774b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\D884F4.wmf

Filesize
452B

MD5
162fe0143cbd186687d0bf8270a916de

SHA1
8b165d21bf8677092c4d0b95eeff0006243752b2

SHA256
b5696dd237b94c5886b72b4e012572ebc15de7e33b48c6419e9d950596d1075c

SHA512
70c325271ea80749275940a5cc1064bb8d547b5b4dd7dc30738cc03a707443350206930ffaae177113351bca528af2d99d2b1349d595d332bf836872f1039fc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\DBCD8C5E.wmf

Filesize
272B

MD5
3dcdb004fdccbb65aa2911d9ba2da3a3

SHA1
c77644ebb7ec7c5ebb72e2fb9070a8704a863001

SHA256
124142fd5b1f28284c52cb1ae5069b8a9c19584a77598e287dbc1829c6b840d0

SHA512
51745d4f3ebe11222a1b8a87f9781f4848283e836c7bf3d5b352fbdd8b6d442602beec66adaacfcc71765b9980f83da43a7356f562bbd9c90c131be5d1c1e087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\E4CCFB91.wmf

Filesize
608B

MD5
bdccab20a182ac7d79bddda15e444d6e

SHA1
5c75b3d3495dd9625dde20afeb72ea17cac28c6f

SHA256
8c6026eb83667797a8106c33933b5f374b92370c65ddf695c8cad4ebb0054c03

SHA512
3ba43cc0592b07bea27041cef72ad3445a381af1607b4c5ec8aff1d6875a7fe4c985c6fcf45d8020965e4aef9194405e367f1fc2faeacb46ff2a40167a40a765

Download Submit
memory/4976-9-0x00007FFE4B750000-0x00007FFE4B945000-memory.dmp

Filesize
2.0MB

Download
memory/4976-7-0x00007FFE4B750000-0x00007FFE4B945000-memory.dmp

Filesize
2.0MB

Download
memory/4976-19-0x00007FFE4B750000-0x00007FFE4B945000-memory.dmp

Filesize
2.0MB

Download
memory/4976-21-0x00007FFE4B750000-0x00007FFE4B945000-memory.dmp

Filesize
2.0MB

Download
memory/4976-22-0x00007FFE4B750000-0x00007FFE4B945000-memory.dmp

Filesize
2.0MB

Download
memory/4976-23-0x00007FFE4B750000-0x00007FFE4B945000-memory.dmp

Filesize
2.0MB

Download
memory/4976-16-0x00007FFE4B750000-0x00007FFE4B945000-memory.dmp

Filesize
2.0MB

Download
memory/4976-4-0x00007FFE0B7D0000-0x00007FFE0B7E0000-memory.dmp

Filesize
64KB

Download
memory/4976-15-0x00007FFE4B750000-0x00007FFE4B945000-memory.dmp

Filesize
2.0MB

Download
memory/4976-13-0x00007FFE4B750000-0x00007FFE4B945000-memory.dmp

Filesize
2.0MB

Download
memory/4976-14-0x00007FFE09770000-0x00007FFE09780000-memory.dmp

Filesize
64KB

Download
memory/4976-12-0x00007FFE4B750000-0x00007FFE4B945000-memory.dmp

Filesize
2.0MB

Download
memory/4976-11-0x00007FFE4B750000-0x00007FFE4B945000-memory.dmp

Filesize
2.0MB

Download
memory/4976-10-0x00007FFE09770000-0x00007FFE09780000-memory.dmp

Filesize
64KB

Download
memory/4976-17-0x00007FFE4B750000-0x00007FFE4B945000-memory.dmp

Filesize
2.0MB

Download
memory/4976-18-0x00007FFE4B750000-0x00007FFE4B945000-memory.dmp

Filesize
2.0MB

Download
memory/4976-5-0x00007FFE4B750000-0x00007FFE4B945000-memory.dmp

Filesize
2.0MB

Download
memory/4976-6-0x00007FFE4B750000-0x00007FFE4B945000-memory.dmp

Filesize
2.0MB

Download
memory/4976-8-0x00007FFE4B750000-0x00007FFE4B945000-memory.dmp

Filesize
2.0MB

Download
memory/4976-0-0x00007FFE0B7D0000-0x00007FFE0B7E0000-memory.dmp

Filesize
64KB

Download
memory/4976-1-0x00007FFE0B7D0000-0x00007FFE0B7E0000-memory.dmp

Filesize
64KB

Download
memory/4976-2-0x00007FFE0B7D0000-0x00007FFE0B7E0000-memory.dmp

Filesize
64KB

Download
memory/4976-3-0x00007FFE0B7D0000-0x00007FFE0B7E0000-memory.dmp

Filesize
64KB

Download
memory/4976-203-0x00007FFE4B750000-0x00007FFE4B945000-memory.dmp

Filesize
2.0MB

Download
memory/4976-280-0x00007FFE0B7D0000-0x00007FFE0B7E0000-memory.dmp

Filesize
64KB

Download
memory/4976-281-0x00007FFE0B7D0000-0x00007FFE0B7E0000-memory.dmp

Filesize
64KB

Download
memory/4976-283-0x00007FFE0B7D0000-0x00007FFE0B7E0000-memory.dmp

Filesize
64KB

Download
memory/4976-282-0x00007FFE0B7D0000-0x00007FFE0B7E0000-memory.dmp

Filesize
64KB

Download
memory/4976-284-0x00007FFE4B750000-0x00007FFE4B945000-memory.dmp

Filesize
2.0MB

Download
memory/4976-286-0x00007FFE4B750000-0x00007FFE4B945000-memory.dmp

Filesize
2.0MB

Download
memory/4976-285-0x00007FFE4B750000-0x00007FFE4B945000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads