773a761f49964da9e1f9432fd912864ce070cd96b3686024ce03571fb22647a5

Analysis

max time kernel
23s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
05/08/2024, 21:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

773a761f49964da9e1f9432fd912864ce070cd96b3686024ce03571fb22647a5.docx
Size

141KB
MD5

584410ce253da7a7a165233ca100ca83
SHA1

4be0e18e971f0c8443aba983826312f1a9103f0a
SHA256

773a761f49964da9e1f9432fd912864ce070cd96b3686024ce03571fb22647a5
SHA512

66555af131b8d9474bc3db81227b3ef4e74a7b3bc678b5715a54b52017d99f266729cbc2358425d09bcded014f6682633d30f2e1122a140faa54527c221348ae
SSDEEP

3072:nHjiNnE9xcCSbQcFyjZ9p7p6+1Ghfu+uUsw8Okcf:HedEFSbQ4gZ939Ou+uUsw7ki

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2360	WINWORD.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2360	WINWORD.EXE
2360	WINWORD.EXE

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\773a761f49964da9e1f9432fd912864ce070cd96b3686024ce03571fb22647a5.docx"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{0682582E-10AC-455B-8618-75F99E285C85}.FSD

Filesize
128KB

MD5
d6c66760ccee3620f58f311354558d72

SHA1
6ed42f8a925197b08cdcc58c8a85996631e00552

SHA256
343c03bdd874f0b20bcb1acf7957586259d8c0e89918fd8594d5a58ada89d8cc

SHA512
a6fd839d87752efacfb2daf80d62fe08887ac688e32102044ecf43ce74cda15a833476a86103d764b096e82fd75f8e96025034823ef94831f44bc32ace430b39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD

Filesize
128KB

MD5
4f9535093a123c8ec9022737cd7c161d

SHA1
d879d2dc4fd690174318e91bc30493417121f87b

SHA256
79648d3049504b0c1fb1cd69b16fba86b28ab50dae69e7ef1ccc709fd95851b5

SHA512
b7729a376929a1ed072286d656964f655236a76b9e9f056bc3384d2e36a42e9c46906e97bac88ce9dac87edb17e8f993961754d51d0ea6c2a8e12a78409fefb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A82E057F-6DD2-4F04-94EF-0AD13FCB471E}

Filesize
128KB

MD5
6a9ac84b0d92f5c4f828c34cd5578f9f

SHA1
5359fff5f66861439401eb6b21fcdb732f31cbb4

SHA256
15a9ada7f212972abbafea031a81cd690d8df168f775df6deeba1c1bd8f4093e

SHA512
00f6e5931f00e0df9123d347934412496ff7d332e16056762391c237db92f376749ff3f203d800d52347df907f3cecdec8faa92dd34ea42287ebd89ef190e73d

Download Submit
memory/2360-0-0x000000002F421000-0x000000002F422000-memory.dmp

Filesize
4KB

Download
memory/2360-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2360-2-0x00000000712ED000-0x00000000712F8000-memory.dmp

Filesize
44KB

Download
memory/2360-61-0x00000000712ED000-0x00000000712F8000-memory.dmp

Filesize
44KB

Download