f991d5a936a4ff37bd84519eb0d5f1ac7c3acd050a01cbe63365aebc8796044b

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
31-07-2024 17:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Plugins/HVNCMemory.dll
Size

39KB
MD5

065f0830d1e36f8f44702b0f567082e8
SHA1

724c33558fcc8ecd86ee56335e8f6eb5bfeac0db
SHA256

285b462e3cd4a5b207315ad33ee6965a8b98ca58abb8d16882e4bc2d758ff1a4
SHA512

bac0148e1b78a8fde242697bff1bbe10a18ffab85fdced062de3dc5017cd77f0d54d8096e273523b8a3910fe17fac111724acffa5bec30e4d81b7b3bd312d545
SSDEEP

768:EofXMCBlQ6Kms0n6GE30IU1YKtq9oQog1zq/xPP7:EyXTa6hEZU1YKwo8Uj

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2732	WINWORD.EXE
2732	WINWORD.EXE

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2732	WINWORD.EXE
2732	WINWORD.EXE
2732	WINWORD.EXE
2732	WINWORD.EXE
2732	WINWORD.EXE
2732	WINWORD.EXE
2732	WINWORD.EXE
2732	WINWORD.EXE

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\HVNCMemory.dll,#1
1⤵
PID:756

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\RevokeRequest.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
345B

MD5
d395057b80b00a82f0ed4b1566fe1844

SHA1
79d9775eeae246c7928d5ed4699952a791d3908a

SHA256
dd60a86a65609e921d9ebf2d223e4ffb6127e41dac4ddb35b1440c9acd14b899

SHA512
96e7c74d45694d44774d806c8abb8762dea35e56dde0a9f1bb37479ad266a9c227d55bc0731809e91dd08e0ba146dab07bc43fe40f0bf0f83353848d7f148d9c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
3KB

MD5
e54ef87c11a535633f4e410e40afccbe

SHA1
53eceed3b31e2cc55ab37ac6a46482f754e796d7

SHA256
d192b5128da6209629631c7ce0c402aa0a4db13857929ca82dc825009af8347c

SHA512
948de1776d19551c8b6ef88374b5c756382fa7469bc9a7bb80295803168d2536973026febcdb292ed561954ba720847de4f9a91bbe2990722cdf8fee456c5e01

Download Submit
memory/2732-16-0x00007FFA5D9A0000-0x00007FFA5D9B0000-memory.dmp

Filesize
64KB

Download
memory/2732-8-0x00007FFA9FA10000-0x00007FFA9FC05000-memory.dmp

Filesize
2.0MB

Download
memory/2732-14-0x00007FFA9FA10000-0x00007FFA9FC05000-memory.dmp

Filesize
2.0MB

Download
memory/2732-6-0x00007FFA9FA10000-0x00007FFA9FC05000-memory.dmp

Filesize
2.0MB

Download
memory/2732-17-0x00007FFA9FA10000-0x00007FFA9FC05000-memory.dmp

Filesize
2.0MB

Download
memory/2732-12-0x00007FFA9FA10000-0x00007FFA9FC05000-memory.dmp

Filesize
2.0MB

Download
memory/2732-11-0x00007FFA9FA10000-0x00007FFA9FC05000-memory.dmp

Filesize
2.0MB

Download
memory/2732-10-0x00007FFA9FA10000-0x00007FFA9FC05000-memory.dmp

Filesize
2.0MB

Download
memory/2732-9-0x00007FFA9FA10000-0x00007FFA9FC05000-memory.dmp

Filesize
2.0MB

Download
memory/2732-7-0x00007FFA9FA10000-0x00007FFA9FC05000-memory.dmp

Filesize
2.0MB

Download
memory/2732-5-0x00007FFA5FA90000-0x00007FFA5FAA0000-memory.dmp

Filesize
64KB

Download
memory/2732-18-0x00007FFA9FA10000-0x00007FFA9FC05000-memory.dmp

Filesize
2.0MB

Download
memory/2732-0-0x00007FFA5FA90000-0x00007FFA5FAA0000-memory.dmp

Filesize
64KB

Download
memory/2732-15-0x00007FFA9FA10000-0x00007FFA9FC05000-memory.dmp

Filesize
2.0MB

Download
memory/2732-4-0x00007FFA5FA90000-0x00007FFA5FAA0000-memory.dmp

Filesize
64KB

Download
memory/2732-3-0x00007FFA9FAAD000-0x00007FFA9FAAE000-memory.dmp

Filesize
4KB

Download
memory/2732-13-0x00007FFA5D9A0000-0x00007FFA5D9B0000-memory.dmp

Filesize
64KB

Download
memory/2732-19-0x00007FFA9FA10000-0x00007FFA9FC05000-memory.dmp

Filesize
2.0MB

Download
memory/2732-21-0x00007FFA9FA10000-0x00007FFA9FC05000-memory.dmp

Filesize
2.0MB

Download
memory/2732-23-0x00007FFA9FA10000-0x00007FFA9FC05000-memory.dmp

Filesize
2.0MB

Download
memory/2732-22-0x00007FFA9FA10000-0x00007FFA9FC05000-memory.dmp

Filesize
2.0MB

Download
memory/2732-20-0x00007FFA9FA10000-0x00007FFA9FC05000-memory.dmp

Filesize
2.0MB

Download
memory/2732-1-0x00007FFA5FA90000-0x00007FFA5FAA0000-memory.dmp

Filesize
64KB

Download
memory/2732-2-0x00007FFA5FA90000-0x00007FFA5FAA0000-memory.dmp

Filesize
64KB

Download
memory/2732-76-0x00007FFA5FA90000-0x00007FFA5FAA0000-memory.dmp

Filesize
64KB

Download
memory/2732-75-0x00007FFA5FA90000-0x00007FFA5FAA0000-memory.dmp

Filesize
64KB

Download
memory/2732-73-0x00007FFA5FA90000-0x00007FFA5FAA0000-memory.dmp

Filesize
64KB

Download
memory/2732-74-0x00007FFA5FA90000-0x00007FFA5FAA0000-memory.dmp

Filesize
64KB

Download
memory/2732-77-0x00007FFA9FA10000-0x00007FFA9FC05000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads