Analysis
- max time kernel: 1756s
- max time network: 1766s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12/06/2024, 22:28
Static task: static1
Behavioral task: behavioral1
Sample: КрыловЭ.docx
Resource: win10v2004-20240508-en
General
- Target: КрыловЭ.docx
- Size: 776KB
- MD5: c232b5e505ce09a3ce1302aaf3844536
- SHA1: 69aebff3010a52a153b74dd3761e4c71c4eb8d28
- SHA256: 9df2d19f67d796090eeeff50200f3fa37520d9ba1936d6a1bc5101a495226925
- SHA512: 97b3cd01c015448e6b3d333637dc06776ded210c3a104dcf97b25b025152954fbd8e2004c91b997c2286d129e86b8c6bb8cbca6f7d6074f706757d0ebd59b088
- SSDEEP: 12288:kQwPYzO+SqX/pBFBrZQglbqngRTRuM08B6x3es4wmSMIYPPp+EJyMU:OPn+SsLrZQg9e4RuvBmSjKx+Ei
Malware Config
Signatures

- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description         ioc                                                                        Process
  Key opened          \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0           WINWORD.EXE
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz      WINWORD.EXE
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString   WINWORD.EXE

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                        Process
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU               WINWORD.EXE
  Key opened          \REGISTRY\MACHINE\Hardware\Description\System\BIOS                         WINWORD.EXE
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily            WINWORD.EXE

- Suspicious behavior: AddClipboardFormatListener (2 IoCs)
  pid    Process
  1272   WINWORD.EXE
  1272   WINWORD.EXE

- Suspicious use of SetWindowsHookEx (12 IoCs)
  pid    Process
  1272   WINWORD.EXE (12 occurrences)
Processes
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\КрыловЭ.docx" /o ""
  PID: 1272
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
Network
Downloads