6b8785d7d3dc581d1cfa19fbcd2b9fd11a914be94a85692f5c78b3984a1ce027

Analysis

max time kernel
422s
max time network
427s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05/07/2024, 20:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PROGRAMFILES/RocketDock/License.rtf
Size

19KB
MD5

0bca7c097c14d3fd23c9d2d446dca8a2
SHA1

501518dcabbd16ecced6892560fd7d71e8eefac8
SHA256

b3178c7ed2826a1abb669e34a0cc18bf94ce922d03ff73f2e61739c69ccfd53c
SHA512

6591fb0646de7c48862efe837d9be257bd4b8692f31e3426b30eae763a1d3f5b932dfdbdd7b8b78d0ec7d65f60057f10a5a068c867e29845575603286697904a
SSDEEP

384:xmNj+3sPuzBmkPvfhZpdwVJssxl4ZbTxz9gGY/2:MNCwKfhZ7aAZv19Tt

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3028	WINWORD.EXE
3028	WINWORD.EXE

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
3028	WINWORD.EXE
3028	WINWORD.EXE
3028	WINWORD.EXE
3028	WINWORD.EXE
3028	WINWORD.EXE
3028	WINWORD.EXE
3028	WINWORD.EXE
3028	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\RocketDock\License.rtf" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
2KB

MD5
a1367b32135ed5467f92e612cee91b1b

SHA1
3eac92ab557f86e92fc1fbc435ef677965510079

SHA256
1139c1cf00526b10eff4f17c8f296fe559e867eaa9c4b18136fd95fc4e2dd429

SHA512
420cf5e8838d0164d22c40749a71425eaf9995633999065c688bed097d26cc76c7e8f3c480382246ed882ba200bbed8b2e856fbb483e33f842f4d885665bbef7

Download Submit
memory/3028-6-0x00007FFEEFDB0000-0x00007FFEEFFA5000-memory.dmp

Filesize
2.0MB

Download
memory/3028-16-0x00007FFEEFDB0000-0x00007FFEEFFA5000-memory.dmp

Filesize
2.0MB

Download
memory/3028-3-0x00007FFEAFE30000-0x00007FFEAFE40000-memory.dmp

Filesize
64KB

Download
memory/3028-4-0x00007FFEEFE4D000-0x00007FFEEFE4E000-memory.dmp

Filesize
4KB

Download
memory/3028-5-0x00007FFEAFE30000-0x00007FFEAFE40000-memory.dmp

Filesize
64KB

Download
memory/3028-7-0x00007FFEEFDB0000-0x00007FFEEFFA5000-memory.dmp

Filesize
2.0MB

Download
memory/3028-8-0x00007FFEEFDB0000-0x00007FFEEFFA5000-memory.dmp

Filesize
2.0MB

Download
memory/3028-0-0x00007FFEAFE30000-0x00007FFEAFE40000-memory.dmp

Filesize
64KB

Download
memory/3028-9-0x00007FFEEFDB0000-0x00007FFEEFFA5000-memory.dmp

Filesize
2.0MB

Download
memory/3028-12-0x00007FFEEFDB0000-0x00007FFEEFFA5000-memory.dmp

Filesize
2.0MB

Download
memory/3028-11-0x00007FFEAD4D0000-0x00007FFEAD4E0000-memory.dmp

Filesize
64KB

Download
memory/3028-10-0x00007FFEEFDB0000-0x00007FFEEFFA5000-memory.dmp

Filesize
2.0MB

Download
memory/3028-13-0x00007FFEEFDB0000-0x00007FFEEFFA5000-memory.dmp

Filesize
2.0MB

Download
memory/3028-14-0x00007FFEEFDB0000-0x00007FFEEFFA5000-memory.dmp

Filesize
2.0MB

Download
memory/3028-1-0x00007FFEAFE30000-0x00007FFEAFE40000-memory.dmp

Filesize
64KB

Download
memory/3028-15-0x00007FFEAD4D0000-0x00007FFEAD4E0000-memory.dmp

Filesize
64KB

Download
memory/3028-20-0x00007FFEEFDB0000-0x00007FFEEFFA5000-memory.dmp

Filesize
2.0MB

Download
memory/3028-19-0x00007FFEEFDB0000-0x00007FFEEFFA5000-memory.dmp

Filesize
2.0MB

Download
memory/3028-17-0x00007FFEEFDB0000-0x00007FFEEFFA5000-memory.dmp

Filesize
2.0MB

Download
memory/3028-23-0x00007FFEEFDB0000-0x00007FFEEFFA5000-memory.dmp

Filesize
2.0MB

Download
memory/3028-22-0x00007FFEEFDB0000-0x00007FFEEFFA5000-memory.dmp

Filesize
2.0MB

Download
memory/3028-21-0x00007FFEEFDB0000-0x00007FFEEFFA5000-memory.dmp

Filesize
2.0MB

Download
memory/3028-18-0x00007FFEEFDB0000-0x00007FFEEFFA5000-memory.dmp

Filesize
2.0MB

Download
memory/3028-2-0x00007FFEAFE30000-0x00007FFEAFE40000-memory.dmp

Filesize
64KB

Download
memory/3028-37-0x00007FFEEFDB0000-0x00007FFEEFFA5000-memory.dmp

Filesize
2.0MB

Download
memory/3028-38-0x00007FFEEFDB0000-0x00007FFEEFFA5000-memory.dmp

Filesize
2.0MB

Download
memory/3028-59-0x00007FFEAFE30000-0x00007FFEAFE40000-memory.dmp

Filesize
64KB

Download
memory/3028-58-0x00007FFEAFE30000-0x00007FFEAFE40000-memory.dmp

Filesize
64KB

Download
memory/3028-61-0x00007FFEAFE30000-0x00007FFEAFE40000-memory.dmp

Filesize
64KB

Download
memory/3028-60-0x00007FFEAFE30000-0x00007FFEAFE40000-memory.dmp

Filesize
64KB

Download
memory/3028-62-0x00007FFEEFDB0000-0x00007FFEEFFA5000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads