Analysis
-
max time kernel
103s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
03-07-2024 16:06
General
-
Target
03072024_1606_02072024_DHL522918767AA.docx
-
Size
16KB
-
MD5
f97f213bb0f35c63379e436ed801f3cb
-
SHA1
a3d28a24d4b3e1a499873d295195bc41a5fd843d
-
SHA256
ee701c82b92562f01edbb96ef74f5db9b59ba479e87bdd01c75da61b94203e41
-
SHA512
ed8c715d6472b37d8874c4fba288f3c515a2b43bd7fbec8c4cad70f2e63d925d0daea27346be50a7aa4c5801399a8171a6a1f14b096c0725e6fc929482dcf4a4
-
SSDEEP
384:UyX/fCXWws8PL8wi4OEwH8TIbE91r2fRK/JYjvigf6vqsp:Uc/+j5P3DOqnYJGuvNf6vR
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\03072024_1606_02072024_DHL522918767AA.docx" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
270KB
MD57866c4e09fb108e42b458ebad4ecccef
SHA17c9b4bf1e07e3013657a53a8b1117778ce2e3ed5
SHA25623f933f9d9f56de80687f8568387d7507013a7c8eb04b258d9d4e0e815569cde
SHA512d42e89b82120d463172667a7f2eae8c0bcc6c64e7d51c97e0615c99c204b94d06b9abbc538ab2a7cab93d0c512471f88782ffbc02caaf23c9deb84c691046fe2
-
Filesize
243B
MD5a6599e633b71d84d2403fd22204a841e
SHA1540c1e8680da2ecd6645aa96ce5f378bd882f883
SHA256304a0f02e8afcec02e086e5c445c94f8ab05775bde422a3f8b1281cf35c86141
SHA51244c028439bacce9abc0b4cda82f5f8c624138e2a148aaa4a4810bc7e376c4b6ff9a33991945fdd1896c073150b4140bb5d578395cea44b1d8fe44d0bfb9cf682
-
Filesize
262KB
MD551d32ee5bc7ab811041f799652d26e04
SHA1412193006aa3ef19e0a57e16acf86b830993024a
SHA2566230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97
SHA5125fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
2.0MB