Overview

overview

10

Static

static

1

SecuriteIn...87.rtf

windows7-x64

10

SecuriteIn...87.rtf

windows10-2004-x64

1

Analysis

  • max time kernel
    133s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-05-2024 09:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Exploit.CVE-2018-0798.4.3772.16087.rtf

  • Size

    344KB

  • MD5

    5681ef4b72b5ee6da9a3ca1ab8ec0c90

  • SHA1

    7f60fe99367dac70d31a1e9637437f6cfbd2f216

  • SHA256

    3a37259359d9dbf66ab69fc0cc456ca1840731c77415fd12aef9a13a99e3ff1a

  • SHA512

    8f11d9c2f0146435e8c0b60df008c70960533b05ca7b4fbc123d2a337ac0329e78af7a1e4695e1d501036d4dbfcfce972cf8cb0c3ad6b5e916657f72d9ce9b8d

  • SSDEEP

    6144:PwAYwAYwAYwAYwAYwAYwAYwAYwAYwAys/Dff:u

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Exploit.CVE-2018-0798.4.3772.16087.rtf" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:888

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\TCD823C.tmp\sist02.xsl
    Filesize

    245KB

    MD5

    f883b260a8d67082ea895c14bf56dd56

    SHA1

    7954565c1f243d46ad3b1e2f1baf3281451fc14b

    SHA256

    ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

    SHA512

    d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

    Download Submit

  • memory/888-10-0x00007FF89B6F0000-0x00007FF89B8E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/888-538-0x00007FF89B6F0000-0x00007FF89B8E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/888-11-0x00007FF89B6F0000-0x00007FF89B8E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/888-5-0x00007FF85B770000-0x00007FF85B780000-memory.dmp

    Filesize

    64KB

    Download

  • memory/888-0-0x00007FF85B770000-0x00007FF85B780000-memory.dmp

    Filesize

    64KB

    Download

  • memory/888-6-0x00007FF89B6F0000-0x00007FF89B8E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/888-7-0x00007FF89B6F0000-0x00007FF89B8E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/888-9-0x00007FF89B6F0000-0x00007FF89B8E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/888-8-0x00007FF89B6F0000-0x00007FF89B8E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/888-14-0x00007FF89B6F0000-0x00007FF89B8E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/888-4-0x00007FF85B770000-0x00007FF85B780000-memory.dmp

    Filesize

    64KB

    Download

  • memory/888-2-0x00007FF85B770000-0x00007FF85B780000-memory.dmp

    Filesize

    64KB

    Download

  • memory/888-12-0x00007FF89B6F0000-0x00007FF89B8E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/888-15-0x00007FF859470000-0x00007FF859480000-memory.dmp

    Filesize

    64KB

    Download

  • memory/888-13-0x00007FF89B6F0000-0x00007FF89B8E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/888-16-0x00007FF859470000-0x00007FF859480000-memory.dmp

    Filesize

    64KB

    Download

  • memory/888-3-0x00007FF89B78D000-0x00007FF89B78E000-memory.dmp

    Filesize

    4KB

    Download

  • memory/888-510-0x00007FF89B6F0000-0x00007FF89B8E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/888-535-0x00007FF85B770000-0x00007FF85B780000-memory.dmp

    Filesize

    64KB

    Download

  • memory/888-536-0x00007FF85B770000-0x00007FF85B780000-memory.dmp

    Filesize

    64KB

    Download

  • memory/888-534-0x00007FF85B770000-0x00007FF85B780000-memory.dmp

    Filesize

    64KB

    Download

  • memory/888-537-0x00007FF85B770000-0x00007FF85B780000-memory.dmp

    Filesize

    64KB

    Download

  • memory/888-1-0x00007FF85B770000-0x00007FF85B780000-memory.dmp

    Filesize

    64KB

    Download