8390bbfdbfb0c8b24b125298b209e1d6f242deb305f368bb3473e462ef09e2f6

General

Target

bonus-payout.docx
Size

70KB
MD5

739f99a4230fd1d797b42ea7e3cd8396
SHA1

f2ba81978cbd32cfb67ba604f27e271829cd4a51
SHA256

8390bbfdbfb0c8b24b125298b209e1d6f242deb305f368bb3473e462ef09e2f6
SHA512

4d98359562dec5d62ccfa2393423045cb663c1f313585573676aa1b25740560d7c38552a9c5d527ade257dfb8364eecbf9ef1e5b7d9c7a840e50c4da1ec7358a
SSDEEP

1536:I/m7rZHI3r/CGD5uLmdU9od9rl4xhfUZ2zkbbRFmfQ+58ZJPS26r:I/m7rZHsCTmSmd9rlMKdRYfQ+58ZJPSN

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3708	WINWORD.EXE
3708	WINWORD.EXE

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
3708	WINWORD.EXE
3708	WINWORD.EXE
3708	WINWORD.EXE
3708	WINWORD.EXE
3708	WINWORD.EXE
3708	WINWORD.EXE
3708	WINWORD.EXE
3708	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\bonus-payout.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TCDEDB0.tmp\iso690.xsl

Filesize
263KB

MD5
ff0e07eff1333cdf9fc2523d323dd654

SHA1
77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

SHA256
3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

SHA512
b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
2KB

MD5
459979b567264b22b636f7b900e6b2ab

SHA1
2520ee670e708f09e812f09743b9b6fa58d1274f

SHA256
3b992f647d74c9602f0366e62e7b54612e187d63912ccbb21f5cafd3f897640e

SHA512
b5b89a0a10e8f2185ed8d99dfe0e93b83229aa1986cc0d21d7f1594549b8085af4030e1498fb5a87c11978a5d94eaa594e435599c6d2062f7012c63b7ee33ab3

Download Submit
memory/3708-16-0x00007FFB3D5B0000-0x00007FFB3D5C0000-memory.dmp

Filesize
64KB

Download
memory/3708-18-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

Filesize
2.0MB

Download
memory/3708-4-0x00007FFB3F610000-0x00007FFB3F620000-memory.dmp

Filesize
64KB

Download
memory/3708-5-0x00007FFB7F62D000-0x00007FFB7F62E000-memory.dmp

Filesize
4KB

Download
memory/3708-6-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

Filesize
2.0MB

Download
memory/3708-10-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

Filesize
2.0MB

Download
memory/3708-11-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

Filesize
2.0MB

Download
memory/3708-8-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

Filesize
2.0MB

Download
memory/3708-12-0x00007FFB3D5B0000-0x00007FFB3D5C0000-memory.dmp

Filesize
64KB

Download
memory/3708-7-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

Filesize
2.0MB

Download
memory/3708-9-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

Filesize
2.0MB

Download
memory/3708-15-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

Filesize
2.0MB

Download
memory/3708-0-0x00007FFB3F610000-0x00007FFB3F620000-memory.dmp

Filesize
64KB

Download
memory/3708-17-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

Filesize
2.0MB

Download
memory/3708-3-0x00007FFB3F610000-0x00007FFB3F620000-memory.dmp

Filesize
64KB

Download
memory/3708-21-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

Filesize
2.0MB

Download
memory/3708-14-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

Filesize
2.0MB

Download
memory/3708-20-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

Filesize
2.0MB

Download
memory/3708-19-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

Filesize
2.0MB

Download
memory/3708-22-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

Filesize
2.0MB

Download
memory/3708-13-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

Filesize
2.0MB

Download
memory/3708-1-0x00007FFB3F610000-0x00007FFB3F620000-memory.dmp

Filesize
64KB

Download
memory/3708-2-0x00007FFB3F610000-0x00007FFB3F620000-memory.dmp

Filesize
64KB

Download
memory/3708-160-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

Filesize
2.0MB

Download
memory/3708-185-0x00007FFB3F610000-0x00007FFB3F620000-memory.dmp

Filesize
64KB

Download
memory/3708-188-0x00007FFB3F610000-0x00007FFB3F620000-memory.dmp

Filesize
64KB

Download
memory/3708-187-0x00007FFB3F610000-0x00007FFB3F620000-memory.dmp

Filesize
64KB

Download
memory/3708-186-0x00007FFB3F610000-0x00007FFB3F620000-memory.dmp

Filesize
64KB

Download
memory/3708-189-0x00007FFB7F590000-0x00007FFB7F785000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads