Analysis
- max time kernel: 23s
- max time network: 16s
- platform: windows7_x64
- resource: win7-20240705-en
- resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
- submitted: 05/08/2024, 21:15
Static task: static1
Behavioral task: behavioral1
- Sample: 773a761f49964da9e1f9432fd912864ce070cd96b3686024ce03571fb22647a5.docx
- Resource: win7-20240705-en
Behavioral task: behavioral2
- Sample: 773a761f49964da9e1f9432fd912864ce070cd96b3686024ce03571fb22647a5.docx
- Resource: win10v2004-20240802-en
General
- Target: 773a761f49964da9e1f9432fd912864ce070cd96b3686024ce03571fb22647a5.docx
- Size: 141KB
- MD5: 584410ce253da7a7a165233ca100ca83
- SHA1: 4be0e18e971f0c8443aba983826312f1a9103f0a
- SHA256: 773a761f49964da9e1f9432fd912864ce070cd96b3686024ce03571fb22647a5
- SHA512: 66555af131b8d9474bc3db81227b3ef4e74a7b3bc678b5715a54b52017d99f266729cbc2358425d09bcded014f6682633d30f2e1122a140faa54527c221348ae
- SSDEEP: 3072:nHjiNnE9xcCSbQcFyjZ9p7p6+1Ghfu+uUsw8Okcf:HedEFSbQ4gZ939Ou+uUsw7ki
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; Process: WINWORD.EXE
- Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  pid: 2360; Process: WINWORD.EXE
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid: 2360; Process: WINWORD.EXE
  pid: 2360; Process: WINWORD.EXE
Processes
- C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
  "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\773a761f49964da9e1f9432fd912864ce070cd96b3686024ce03571fb22647a5.docx"
  PID: 2360
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{0682582E-10AC-455B-8618-75F99E285C85}.FSD
Filesize: 128KB
-
C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
Filesize: 128KB
-
Filesize: 128KB