d5a6b19ed0cb225a61c510bff2f2713b3a69435527f41fbb83d4e8343effaa13

General

Target

SecuriteInfo.com.Exploit.CVE-2018-0798.4.29500.322.rtf
Size

493KB
MD5

d4114e19370fc67f7ba24d46bc6f53d2
SHA1

dd71a38ee9936da3c085e48719518f089192fa62
SHA256

d5a6b19ed0cb225a61c510bff2f2713b3a69435527f41fbb83d4e8343effaa13
SHA512

177860704b9b2e58ac0d8d3d6b61d12151ba5cf2852c473526594d5be44e008bcadbec9a6a47827d9ea080d0ea97370549e7d651897f701be7dd9c85e529a53e
SSDEEP

6144:OwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAL:4

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3428	WINWORD.EXE
3428	WINWORD.EXE

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
3428	WINWORD.EXE
3428	WINWORD.EXE
3428	WINWORD.EXE
3428	WINWORD.EXE
3428	WINWORD.EXE
3428	WINWORD.EXE
3428	WINWORD.EXE
3428	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Exploit.CVE-2018-0798.4.29500.322.rtf" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TCDCF2D.tmp\sist02.xsl

Filesize
245KB

MD5
f883b260a8d67082ea895c14bf56dd56

SHA1
7954565c1f243d46ad3b1e2f1baf3281451fc14b

SHA256
ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

SHA512
d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/3428-9-0x00007FFDC53D0000-0x00007FFDC55C5000-memory.dmp

Filesize
2.0MB

Download
memory/3428-5-0x00007FFD85450000-0x00007FFD85460000-memory.dmp

Filesize
64KB

Download
memory/3428-22-0x00007FFDC53D0000-0x00007FFDC55C5000-memory.dmp

Filesize
2.0MB

Download
memory/3428-4-0x00007FFDC546D000-0x00007FFDC546E000-memory.dmp

Filesize
4KB

Download
memory/3428-6-0x00007FFDC53D0000-0x00007FFDC55C5000-memory.dmp

Filesize
2.0MB

Download
memory/3428-10-0x00007FFDC53D0000-0x00007FFDC55C5000-memory.dmp

Filesize
2.0MB

Download
memory/3428-0-0x00007FFD85450000-0x00007FFD85460000-memory.dmp

Filesize
64KB

Download
memory/3428-11-0x00007FFDC53D0000-0x00007FFDC55C5000-memory.dmp

Filesize
2.0MB

Download
memory/3428-12-0x00007FFD830C0000-0x00007FFD830D0000-memory.dmp

Filesize
64KB

Download
memory/3428-8-0x00007FFDC53D0000-0x00007FFDC55C5000-memory.dmp

Filesize
2.0MB

Download
memory/3428-7-0x00007FFDC53D0000-0x00007FFDC55C5000-memory.dmp

Filesize
2.0MB

Download
memory/3428-13-0x00007FFDC53D0000-0x00007FFDC55C5000-memory.dmp

Filesize
2.0MB

Download
memory/3428-14-0x00007FFDC53D0000-0x00007FFDC55C5000-memory.dmp

Filesize
2.0MB

Download
memory/3428-15-0x00007FFD830C0000-0x00007FFD830D0000-memory.dmp

Filesize
64KB

Download
memory/3428-548-0x00007FFDC53D0000-0x00007FFDC55C5000-memory.dmp

Filesize
2.0MB

Download
memory/3428-3-0x00007FFD85450000-0x00007FFD85460000-memory.dmp

Filesize
64KB

Download
memory/3428-21-0x00007FFDC53D0000-0x00007FFDC55C5000-memory.dmp

Filesize
2.0MB

Download
memory/3428-20-0x00007FFDC53D0000-0x00007FFDC55C5000-memory.dmp

Filesize
2.0MB

Download
memory/3428-19-0x00007FFDC53D0000-0x00007FFDC55C5000-memory.dmp

Filesize
2.0MB

Download
memory/3428-17-0x00007FFDC53D0000-0x00007FFDC55C5000-memory.dmp

Filesize
2.0MB

Download
memory/3428-16-0x00007FFDC53D0000-0x00007FFDC55C5000-memory.dmp

Filesize
2.0MB

Download
memory/3428-1-0x00007FFD85450000-0x00007FFD85460000-memory.dmp

Filesize
64KB

Download
memory/3428-2-0x00007FFD85450000-0x00007FFD85460000-memory.dmp

Filesize
64KB

Download
memory/3428-519-0x00007FFDC53D0000-0x00007FFDC55C5000-memory.dmp

Filesize
2.0MB

Download
memory/3428-520-0x00007FFDC53D0000-0x00007FFDC55C5000-memory.dmp

Filesize
2.0MB

Download
memory/3428-545-0x00007FFD85450000-0x00007FFD85460000-memory.dmp

Filesize
64KB

Download
memory/3428-544-0x00007FFD85450000-0x00007FFD85460000-memory.dmp

Filesize
64KB

Download
memory/3428-547-0x00007FFD85450000-0x00007FFD85460000-memory.dmp

Filesize
64KB

Download
memory/3428-546-0x00007FFD85450000-0x00007FFD85460000-memory.dmp

Filesize
64KB

Download
memory/3428-18-0x00007FFDC53D0000-0x00007FFDC55C5000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads