Overview

overview

10

Static

static

8

ff42cadcc2...fa.doc

windows7-x64

10

ff42cadcc2...fa.doc

windows10-2004-x64

1

Analysis

  • max time kernel
    46s
  • max time network
    55s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/06/2024, 21:54

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ff42cadcc2330931d543161391a98f21f03ced156aa0764d874488f60228f7fa.doc

  • Size

    37KB

  • MD5

    697e5b6be7f05596b54956e1c3d0cfdf

  • SHA1

    07a1e8a0c74df4c0a6a6921568b56a012ee797f9

  • SHA256

    ff42cadcc2330931d543161391a98f21f03ced156aa0764d874488f60228f7fa

  • SHA512

    ab4bfc6fb128f050416abe1865749a56cd2d916d7f97fcde1b17c9ab9ab47c88b0db3ba4188c6d29e8a63330ca11f9977db16709f7ae43c78ac60f728cb31baa

  • SSDEEP

    384:On8iSsqdg1vA9cbVH532g7SQdrNy+pJdH50jntC:OE+1o9uHYg7bPy+pJd5

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\ff42cadcc2330931d543161391a98f21f03ced156aa0764d874488f60228f7fa.doc" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:3568

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/3568-0-0x00007FF8C7930000-0x00007FF8C7940000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3568-2-0x00007FF8C7930000-0x00007FF8C7940000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3568-1-0x00007FF8C7930000-0x00007FF8C7940000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3568-4-0x00007FF90794D000-0x00007FF90794E000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3568-3-0x00007FF8C7930000-0x00007FF8C7940000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3568-5-0x00007FF8C7930000-0x00007FF8C7940000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3568-6-0x00007FF9078B0000-0x00007FF907AA5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3568-8-0x00007FF9078B0000-0x00007FF907AA5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3568-7-0x00007FF9078B0000-0x00007FF907AA5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3568-9-0x00007FF9078B0000-0x00007FF907AA5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3568-10-0x00007FF9078B0000-0x00007FF907AA5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3568-12-0x00007FF8C50E0000-0x00007FF8C50F0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3568-11-0x00007FF9078B0000-0x00007FF907AA5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3568-14-0x00007FF9078B0000-0x00007FF907AA5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3568-15-0x00007FF9078B0000-0x00007FF907AA5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3568-13-0x00007FF9078B0000-0x00007FF907AA5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3568-16-0x00007FF8C50E0000-0x00007FF8C50F0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3568-20-0x00007FF9078B0000-0x00007FF907AA5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3568-21-0x00007FF9078B0000-0x00007FF907AA5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3568-19-0x00007FF9078B0000-0x00007FF907AA5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3568-18-0x00007FF9078B0000-0x00007FF907AA5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3568-17-0x00007FF9078B0000-0x00007FF907AA5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3568-25-0x00007FF9078B0000-0x00007FF907AA5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3568-33-0x00007FF9078B0000-0x00007FF907AA5000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/3568-34-0x00007FF9078B0000-0x00007FF907AA5000-memory.dmp

          Filesize

          2.0MB

          Download