Overview

overview

3

Static

static

1

Quarantine...3).zip

windows11-21h2-x64

1

0e943a5a-1...c3.eml

windows11-21h2-x64

3

IQHM.png

windows11-21h2-x64

3

darren.bur...2.docx

windows11-21h2-x64

1

email-html-2.txt

windows11-21h2-x64

3

email-plain-1.txt

windows11-21h2-x64

3

Analysis

  • max time kernel
    201s
  • max time network
    203s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240704-en
  • resource tags

    arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    09/07/2024, 08:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    [email protected]_benefits_8nmxt2.docx

  • Size

    34KB

  • MD5

    64a4f3913c42dd3ee6b2bb21f0cb7f93

  • SHA1

    3bc963e9489bee256363bc3cb01597f89d50d4a2

  • SHA256

    0d527c3e578752f9bb9859b6adef6022e090b35aaae61d2d904b6f9bf61b7d7c

  • SHA512

    76ceee3d6cd1817bfb9aab77572a84e0221c5fb79657332f9e0d52ae14fb55a89228670398b111f7d76ecad198f4d1f3a1d127294b93e189c3809e2119fa59d1

  • SSDEEP

    768:5wjGlnKFk8j2lvYehAUe87WyZsXPAIINEYfQXQURBtDZE34:5Ddn8OYeeZ4mffImR1ZZEI

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 25 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\[email protected]_benefits_8nmxt2.docx" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:2476

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\TCDC5C7.tmp\iso690.xsl
    Filesize

    263KB

    MD5

    ff0e07eff1333cdf9fc2523d323dd654

    SHA1

    77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

    SHA256

    3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

    SHA512

    b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

    Download Submit

  • memory/2476-24-0x00007FF8435C0000-0x00007FF8437C9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2476-8-0x00007FF800DC0000-0x00007FF800DD0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2476-3-0x00007FF803650000-0x00007FF803660000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2476-5-0x00007FF843663000-0x00007FF843664000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2476-1-0x00007FF803650000-0x00007FF803660000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2476-6-0x00007FF8435C0000-0x00007FF8437C9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2476-7-0x00007FF8435C0000-0x00007FF8437C9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2476-9-0x00007FF8435C0000-0x00007FF8437C9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2476-10-0x00007FF8435C0000-0x00007FF8437C9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2476-12-0x00007FF8435C0000-0x00007FF8437C9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2476-17-0x00007FF8435C0000-0x00007FF8437C9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2476-23-0x00007FF8435C0000-0x00007FF8437C9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2476-4-0x00007FF803650000-0x00007FF803660000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2476-25-0x00007FF8435C0000-0x00007FF8437C9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2476-21-0x00007FF8435C0000-0x00007FF8437C9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2476-22-0x00007FF8435C0000-0x00007FF8437C9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2476-20-0x00007FF8435C0000-0x00007FF8437C9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2476-19-0x00007FF8435C0000-0x00007FF8437C9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2476-18-0x00007FF8435C0000-0x00007FF8437C9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2476-16-0x00007FF8435C0000-0x00007FF8437C9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2476-15-0x00007FF8435C0000-0x00007FF8437C9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2476-14-0x00007FF800DC0000-0x00007FF800DD0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2476-13-0x00007FF8435C0000-0x00007FF8437C9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2476-11-0x00007FF8435C0000-0x00007FF8437C9000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2476-0-0x00007FF803650000-0x00007FF803660000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2476-2-0x00007FF803650000-0x00007FF803660000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2476-518-0x00007FF8435C0000-0x00007FF8437C9000-memory.dmp

    Filesize

    2.0MB

    Download