e59f4a93fa9780552ba47058a4fdc5b6551ce5b23d49c6639a7ba0999d42fc79

Analysis

max time kernel
114s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2024, 20:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jiotorolife.zip
Size

59.0MB
MD5

b87aaf8eb9eb0a835525f9e525529319
SHA1

0ef661020e4ca27a0cad56705058d3e2487550a1
SHA256

e59f4a93fa9780552ba47058a4fdc5b6551ce5b23d49c6639a7ba0999d42fc79
SHA512

3e5e383b5fb11e0061e417916c4491fee7307fa5f7a49aad2d789c4f53cc75badb173115e7e589085a8abac0e42fcbd76b0ea3246532e9e5cb33b393ce3444f2
SSDEEP

1572864:D+mtAQOddI5w/Uq5v/09sBTZZ8XUL9qE6oSSDBDF:D+mtCddIhMHbBT38EL9qXctR

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4668	WINWORD.EXE
4668	WINWORD.EXE

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4668	WINWORD.EXE
4668	WINWORD.EXE
4668	WINWORD.EXE
4668	WINWORD.EXE
4668	WINWORD.EXE
4668	WINWORD.EXE
4668	WINWORD.EXE

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\jiotorolife.zip
1⤵
PID:4732

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1200

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\ConvertMeasure.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
16B

MD5
d29962abc88624befc0135579ae485ec

SHA1
e40a6458296ec6a2427bcb280572d023a9862b31

SHA256
a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866

SHA512
4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/4668-5-0x00007FF9F35B0000-0x00007FF9F35C0000-memory.dmp

Filesize
64KB

Download
memory/4668-13-0x00007FFA33530000-0x00007FFA33725000-memory.dmp

Filesize
2.0MB

Download
memory/4668-4-0x00007FFA33530000-0x00007FFA33725000-memory.dmp

Filesize
2.0MB

Download
memory/4668-6-0x00007FF9F35B0000-0x00007FF9F35C0000-memory.dmp

Filesize
64KB

Download
memory/4668-3-0x00007FFA335CD000-0x00007FFA335CE000-memory.dmp

Filesize
4KB

Download
memory/4668-8-0x00007FFA33530000-0x00007FFA33725000-memory.dmp

Filesize
2.0MB

Download
memory/4668-7-0x00007FFA33530000-0x00007FFA33725000-memory.dmp

Filesize
2.0MB

Download
memory/4668-9-0x00007FFA33530000-0x00007FFA33725000-memory.dmp

Filesize
2.0MB

Download
memory/4668-11-0x00007FFA33530000-0x00007FFA33725000-memory.dmp

Filesize
2.0MB

Download
memory/4668-14-0x00007FF9F0C50000-0x00007FF9F0C60000-memory.dmp

Filesize
64KB

Download
memory/4668-0-0x00007FF9F35B0000-0x00007FF9F35C0000-memory.dmp

Filesize
64KB

Download
memory/4668-12-0x00007FFA33530000-0x00007FFA33725000-memory.dmp

Filesize
2.0MB

Download
memory/4668-10-0x00007FFA33530000-0x00007FFA33725000-memory.dmp

Filesize
2.0MB

Download
memory/4668-15-0x00007FFA33530000-0x00007FFA33725000-memory.dmp

Filesize
2.0MB

Download
memory/4668-16-0x00007FF9F0C50000-0x00007FF9F0C60000-memory.dmp

Filesize
64KB

Download
memory/4668-1-0x00007FF9F35B0000-0x00007FF9F35C0000-memory.dmp

Filesize
64KB

Download
memory/4668-2-0x00007FF9F35B0000-0x00007FF9F35C0000-memory.dmp

Filesize
64KB

Download
memory/4668-69-0x00007FF9F35B0000-0x00007FF9F35C0000-memory.dmp

Filesize
64KB

Download
memory/4668-68-0x00007FF9F35B0000-0x00007FF9F35C0000-memory.dmp

Filesize
64KB

Download
memory/4668-66-0x00007FF9F35B0000-0x00007FF9F35C0000-memory.dmp

Filesize
64KB

Download
memory/4668-67-0x00007FF9F35B0000-0x00007FF9F35C0000-memory.dmp

Filesize
64KB

Download
memory/4668-70-0x00007FFA33530000-0x00007FFA33725000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads