Analysis
-
max time kernel
144s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
14/06/2024, 01:17
Static task
static1
Behavioral task
behavioral1
Sample
50854970fd66243f52d703bb6901005be169ba588c2184c32bf915517e6e02ec.docx
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
50854970fd66243f52d703bb6901005be169ba588c2184c32bf915517e6e02ec.docx
Resource
win10v2004-20240226-en
General
-
Target
50854970fd66243f52d703bb6901005be169ba588c2184c32bf915517e6e02ec.docx
-
Size
16KB
-
MD5
4080602520c9480551d0aaf44dd503c9
-
SHA1
bf129825d1e27021d04c84716f263af3d2e391d3
-
SHA256
50854970fd66243f52d703bb6901005be169ba588c2184c32bf915517e6e02ec
-
SHA512
353246c7d24041dfc38ab034a1d5886144712c32c6ba30c3a8aeef862c77cc8d02bdce5018b01c906ac446b5c923cb5e71062a2941aaab52b6b15d07e79b1e40
-
SSDEEP
384:HyXq9ndWvs8PL8wi4OEwH8TIbE91r2fRVJY2vieSBgTr+:Hcq7Y5P3DOqnYJj3vPSBgT6
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString WINWORD.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU WINWORD.EXE -
Suspicious behavior: AddClipboardFormatListener 2 IoCs
pid Process 1380 WINWORD.EXE 1380 WINWORD.EXE -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeAuditPrivilege 1380 WINWORD.EXE -
Suspicious use of SetWindowsHookEx 8 IoCs
pid Process 1380 WINWORD.EXE 1380 WINWORD.EXE 1380 WINWORD.EXE 1380 WINWORD.EXE 1380 WINWORD.EXE 1380 WINWORD.EXE 1380 WINWORD.EXE 1380 WINWORD.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\50854970fd66243f52d703bb6901005be169ba588c2184c32bf915517e6e02ec.docx" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1380
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5956 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:81⤵PID:680
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84