f39b505751ac3650e13d0f08f8576d2c7c18e393b6cfb31bf7128113b9ad3666

Analysis

max time kernel
140s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/04/2024, 03:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

launch.exe
Size

152KB
MD5

a8c79bc1642c1fd0558e0979e0181bad
SHA1

cec94c9b5748d8d2d3a7240f50e6af3c8b659a72
SHA256

f39b505751ac3650e13d0f08f8576d2c7c18e393b6cfb31bf7128113b9ad3666
SHA512

c124a7738dba448780832dd39a2a9c742877d9aadeda778a259c77b34b0ef5b7aac3c78eade70fbbc7d738991ddefcedc2969b545d4a1b7397e81c48ea431cd2
SSDEEP

3072:4cR7HVcrFONqdOvS3f7frXV8/GeqDBvWhCT/4Syb7:4cXu7V8/GeqDskTQSyX

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2680	WINWORD.EXE
2680	WINWORD.EXE

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2680	WINWORD.EXE
2680	WINWORD.EXE
2680	WINWORD.EXE
2680	WINWORD.EXE
2680	WINWORD.EXE
2680	WINWORD.EXE
2680	WINWORD.EXE

C:\Users\Admin\AppData\Local\Temp\launch.exe
"C:\Users\Admin\AppData\Local\Temp\launch.exe"
1⤵
PID:3500

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4008

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\These.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
202B

MD5
4566d1d70073cd75fe35acb78ff9d082

SHA1
f602ecc057a3c19aa07671b34b4fdd662aa033cc

SHA256
fe33f57205e2ebb981c4744d5a4ddc231f587a9a0589e6565c52e1051eadb0c0

SHA512
b9584ebfdd25cc588162dd6525a399c72ac03bf0c61709b96a19feba7217d840ae2c60d7b0d3b43307a2776f497a388e79ef8a646c12ae59a7f5cc4789bbf3c8

Download Submit
memory/2680-14-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp

Filesize
2.0MB

Download
memory/2680-57-0x00007FFAC28F0000-0x00007FFAC2900000-memory.dmp

Filesize
64KB

Download
memory/2680-3-0x00007FFAC28F0000-0x00007FFAC2900000-memory.dmp

Filesize
64KB

Download
memory/2680-4-0x00007FFAC28F0000-0x00007FFAC2900000-memory.dmp

Filesize
64KB

Download
memory/2680-13-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp

Filesize
2.0MB

Download
memory/2680-8-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp

Filesize
2.0MB

Download
memory/2680-7-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp

Filesize
2.0MB

Download
memory/2680-10-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp

Filesize
2.0MB

Download
memory/2680-11-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp

Filesize
2.0MB

Download
memory/2680-12-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp

Filesize
2.0MB

Download
memory/2680-15-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp

Filesize
2.0MB

Download
memory/2680-16-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp

Filesize
2.0MB

Download
memory/2680-1-0x00007FFAC28F0000-0x00007FFAC2900000-memory.dmp

Filesize
64KB

Download
memory/2680-17-0x00007FFAC02C0000-0x00007FFAC02D0000-memory.dmp

Filesize
64KB

Download
memory/2680-5-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp

Filesize
2.0MB

Download
memory/2680-19-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp

Filesize
2.0MB

Download
memory/2680-20-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp

Filesize
2.0MB

Download
memory/2680-22-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp

Filesize
2.0MB

Download
memory/2680-21-0x00007FFAC02C0000-0x00007FFAC02D0000-memory.dmp

Filesize
64KB

Download
memory/2680-18-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp

Filesize
2.0MB

Download
memory/2680-9-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp

Filesize
2.0MB

Download
memory/2680-6-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp

Filesize
2.0MB

Download
memory/2680-2-0x00007FFAC28F0000-0x00007FFAC2900000-memory.dmp

Filesize
64KB

Download
memory/2680-0-0x00007FFAC28F0000-0x00007FFAC2900000-memory.dmp

Filesize
64KB

Download
memory/2680-58-0x00007FFAC28F0000-0x00007FFAC2900000-memory.dmp

Filesize
64KB

Download
memory/2680-56-0x00007FFAC28F0000-0x00007FFAC2900000-memory.dmp

Filesize
64KB

Download
memory/2680-59-0x00007FFAC28F0000-0x00007FFAC2900000-memory.dmp

Filesize
64KB

Download
memory/2680-60-0x00007FFB02870000-0x00007FFB02A65000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads