75e06ac5b7c1adb01ab994633466685e3dcef31d635eba1734fe16c7893ffe12

Analysis

max time kernel
447s
max time network
1169s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
21-07-2024 23:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tinytask.exe
Size

35KB
MD5

8fd3551654f0f5281ddbd7e32cb73054
SHA1

9b1c9722847cd57cd11e4de80cd9e8197c3c34cd
SHA256

75e06ac5b7c1adb01ab994633466685e3dcef31d635eba1734fe16c7893ffe12
SHA512

a716f535e363fc1225b1665e1c24693e768d13699ea37bdf57effe4fea24b4b30a2181174f66c35e749b9c845b07f82eecbf282ee5972de0426f847293d46b4b
SSDEEP

768:sAzGzd0LnFjuwY6QlVwvHI1pSgNEl/MYoeAW:5zGzd0wXlVwv0SgNQXoeAW

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 4 IoCs

pid	Process
2064	WINWORD.EXE
2064	WINWORD.EXE
2368	WINWORD.EXE
2368	WINWORD.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5096	tinytask.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
2064	WINWORD.EXE
2064	WINWORD.EXE
2064	WINWORD.EXE
2064	WINWORD.EXE
2064	WINWORD.EXE
2064	WINWORD.EXE
2064	WINWORD.EXE
2064	WINWORD.EXE
2368	WINWORD.EXE
2368	WINWORD.EXE
2368	WINWORD.EXE
2368	WINWORD.EXE
2368	WINWORD.EXE
2368	WINWORD.EXE
2368	WINWORD.EXE

C:\Users\Admin\AppData\Local\Temp\tinytask.exe
"C:\Users\Admin\AppData\Local\Temp\tinytask.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:5096

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\MergeProtect.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2064

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\MergeProtect.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

Filesize
471B

MD5
c3e44e7f8586c3c5853a38e77387226e

SHA1
ac04a83b9a56b25767ee167290b7557a43fd62a2

SHA256
9fd1c8886204b3b75c24ed131ce0ae03a66fac8ef627b23e80ad7380db8ad270

SHA512
389cd8f15b4163bc77f065598ce74cafb3291ee6979e024ef7709c4dee5ae09ad672c816a535b4cf85b7c8a9b1ca574768899bed319268d2f1a608ee081b756b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

Filesize
420B

MD5
ec67b88c3c8ee9e7ca51aff7f96fdd49

SHA1
4b26cfc9731fa839834337663c4541368175a75a

SHA256
170529f50b758a5e4cad074fc8cd3d99395ec7274e3f484be1b30225018a6e37

SHA512
0a6429d9b07b1f0947c4e02b432b567a2f724772f4dbd8abd60a7af65be10c86f783e53a5813499c0b49a565677b9dace25a4f0b2c7a4df6da7b9e10c5a5f79c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.CampaignStates.json

Filesize
21B

MD5
f1b59332b953b3c99b3c95a44249c0d2

SHA1
1b16a2ca32bf8481e18ff8b7365229b598908991

SHA256
138e49660d259061d8152137abd8829acdfb78b69179890beb489fe3ffe23e0c

SHA512
3c1f99ecc394df3741be875fbe8d95e249d1d9ac220805794a22caf81620d5fdd3cce19260d94c0829b3160b28a2b4042e46b56398e60f72134e49254e9679a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.GovernedChannelStates.json

Filesize
417B

MD5
c56ff60fbd601e84edd5a0ff1010d584

SHA1
342abb130dabeacde1d8ced806d67a3aef00a749

SHA256
200e8cc8dd12e22c9720be73092eafb620435d4569dbdcdba9404ace2aa4343c

SHA512
acd2054fddb33b55b58b870edd4eb6a3cdd3131dfe6139cb3d27054ac2b2a460694c9be9c2a1da0f85606e95e7f393cf16868b6c654e78a664799bc3418da86e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.Settings.json

Filesize
87B

MD5
e4e83f8123e9740b8aa3c3dfa77c1c04

SHA1
5281eae96efde7b0e16a1d977f005f0d3bd7aad0

SHA256
6034f27b0823b2a6a76fe296e851939fd05324d0af9d55f249c79af118b0eb31

SHA512
bd6b33fd2bbce4a46991bc0d877695d16f7e60b1959a0defc79b627e569e5c6cac7b4ad4e3e1d8389a08584602a51cf84d44cf247f03beb95f7d307fbba12bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.SurveyHistoryStats.json

Filesize
14B

MD5
6ca4960355e4951c72aa5f6364e459d5

SHA1
2fd90b4ec32804dff7a41b6e63c8b0a40b592113

SHA256
88301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3

SHA512
8544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\30404A72-3864-4CB5-A663-6E05A9BAD955

Filesize
169KB

MD5
0045914532ab61308b9d1960b5994749

SHA1
4b08154effd9b7be5eaaa957911bac2635b1b66e

SHA256
dede63b727d32096d8c026ca6febf993968acff3cd8961a14c281404e69836ee

SHA512
5abc24ea8980b38bb6c38ca0310f0cb566be0b90312d7fcb4ae270eba583b30567b8094566a982c1256eff944f4c39bebd5372f753dd3f330b6945fea57a29f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\DLP\mip\logs\mip_sdk.miplog

Filesize
8KB

MD5
c02b4268b9ddf28f7990a634fdf052af

SHA1
58fd5d443f28ade496764dccc84830720f299602

SHA256
8fd6e0423af33d3374b0b60a70cd4c6f6911cf5024d08abd434bd2aed7410913

SHA512
bc093e66740001ae892601ce6b6dc9ea69f4532adcb4a8c6957525c91bde25823023730fb8f78586219034f8fb8e060e88eed5c8ed5b3257af20eb1c10d8a014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\winword.exe.db

Filesize
24KB

MD5
8665de22b67e46648a5a147c1ed296ca

SHA1
b289a96fee9fa77dd8e045ae8fd161debd376f48

SHA256
b5cbae5c48721295a51896f05abd4c9566be7941cda7b8c2aecb762e6e94425f

SHA512
bb03ea9347d302abf3b6fece055cdae0ad2d7c074e8517f230a90233f628e5803928b9ba7ba79c343e58dacb3e7a6fc16b94690a5ab0c71303959654a18bb5da

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\MergeProtect.docx.LNK

Filesize
537B

MD5
8c3e1ed4f53ac36fe9ba50915503a659

SHA1
ca3559a26a07bbadda01254d839bf9dd87cf96ed

SHA256
512aeb137870c470a27cc081cad5a0c8f4a9b7d13a9b46fdd7824d39b9e2dfbc

SHA512
810507fd023bc4ce6dbbf4e3218a1aa647231bc22142df40daa4e9bd8b87bd794f335ae09b01560dd38ef92f0dfdac58f4571c5884f8c7fced882bd426711369

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
205B

MD5
08e5101d0ea88a1893e2137a4253c3cf

SHA1
af04449231aa05a455ab05eaebd620866161f111

SHA256
6e376107f0613f337319b28ef189a83fe6a6c867c515b14def9c25d88782f590

SHA512
1f4f0e82ae3427092b6521fe7e6f0ec7dc53d27793fe4429c608dc11fbed0463628eb212ef5222bbbf6aafe0d4d9deb522bdc7632321e8b3b4aef49f9e359fb6

Download Submit
memory/2064-10-0x00007FFF4D9E0000-0x00007FFF4DBE9000-memory.dmp

Filesize
2.0MB

Download
memory/2064-0-0x00007FFF0DA70000-0x00007FFF0DA80000-memory.dmp

Filesize
64KB

Download
memory/2064-13-0x00007FFF0B0E0000-0x00007FFF0B0F0000-memory.dmp

Filesize
64KB

Download
memory/2064-14-0x00007FFF0B0E0000-0x00007FFF0B0F0000-memory.dmp

Filesize
64KB

Download
memory/2064-7-0x00007FFF4D9E0000-0x00007FFF4DBE9000-memory.dmp

Filesize
2.0MB

Download
memory/2064-49-0x00007FFF0DA70000-0x00007FFF0DA80000-memory.dmp

Filesize
64KB

Download
memory/2064-51-0x00007FFF0DA70000-0x00007FFF0DA80000-memory.dmp

Filesize
64KB

Download
memory/2064-52-0x00007FFF0DA70000-0x00007FFF0DA80000-memory.dmp

Filesize
64KB

Download
memory/2064-50-0x00007FFF0DA70000-0x00007FFF0DA80000-memory.dmp

Filesize
64KB

Download
memory/2064-53-0x00007FFF4D9E0000-0x00007FFF4DBE9000-memory.dmp

Filesize
2.0MB

Download
memory/2064-2-0x00007FFF0DA70000-0x00007FFF0DA80000-memory.dmp

Filesize
64KB

Download
memory/2064-1-0x00007FFF0DA70000-0x00007FFF0DA80000-memory.dmp

Filesize
64KB

Download
memory/2064-5-0x00007FFF4DA83000-0x00007FFF4DA84000-memory.dmp

Filesize
4KB

Download
memory/2064-4-0x00007FFF0DA70000-0x00007FFF0DA80000-memory.dmp

Filesize
64KB

Download
memory/2064-3-0x00007FFF0DA70000-0x00007FFF0DA80000-memory.dmp

Filesize
64KB

Download
memory/2064-12-0x00007FFF4D9E0000-0x00007FFF4DBE9000-memory.dmp

Filesize
2.0MB

Download
memory/2064-11-0x00007FFF4D9E0000-0x00007FFF4DBE9000-memory.dmp

Filesize
2.0MB

Download
memory/2064-9-0x00007FFF4D9E0000-0x00007FFF4DBE9000-memory.dmp

Filesize
2.0MB

Download
memory/2064-8-0x00007FFF4D9E0000-0x00007FFF4DBE9000-memory.dmp

Filesize
2.0MB

Download
memory/2064-6-0x00007FFF4D9E0000-0x00007FFF4DBE9000-memory.dmp

Filesize
2.0MB

Download
memory/2368-58-0x00007FFF0DA70000-0x00007FFF0DA80000-memory.dmp

Filesize
64KB

Download
memory/2368-57-0x00007FFF0DA70000-0x00007FFF0DA80000-memory.dmp

Filesize
64KB

Download
memory/2368-55-0x00007FFF0DA70000-0x00007FFF0DA80000-memory.dmp

Filesize
64KB

Download
memory/2368-56-0x00007FFF0DA70000-0x00007FFF0DA80000-memory.dmp

Filesize
64KB

Download
memory/2368-54-0x00007FFF0DA70000-0x00007FFF0DA80000-memory.dmp

Filesize
64KB

Download
memory/2368-101-0x00007FFF0DA70000-0x00007FFF0DA80000-memory.dmp

Filesize
64KB

Download
memory/2368-104-0x00007FFF0DA70000-0x00007FFF0DA80000-memory.dmp

Filesize
64KB

Download
memory/2368-103-0x00007FFF0DA70000-0x00007FFF0DA80000-memory.dmp

Filesize
64KB

Download
memory/2368-102-0x00007FFF0DA70000-0x00007FFF0DA80000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads