becb125c117c22630a1b0eb63d31cb107f4d00115f1457444201c9bdc3f7b295

Analysis

max time kernel
149s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 05:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MCENGINE.dot
Size

13KB
MD5

9bfc302ef451f7747d79ecfe6088a7d6
SHA1

9248955589bbf5399c0318dd725ac62e87892f5e
SHA256

d42f98d8e6d98d441733f1b774bfefd4e81350b45ae5293652bf8fde132d5097
SHA512

898cb5c48de5c55e28a85dee2b41045ba26e2b3365920ac1a66b1e2b47e119d7e23e1e2085dd9e829a5ebd13a3e90b3350bfb9d7dc020183f5ddc657682f2f29
SSDEEP

192:zmP509H2D/tGHKZSeLpEZx90l5Av6A/BFZdZ/Rp:zmx0t2yhopQFj

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
404	WINWORD.EXE
404	WINWORD.EXE

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
404	WINWORD.EXE
404	WINWORD.EXE
404	WINWORD.EXE
404	WINWORD.EXE
404	WINWORD.EXE
404	WINWORD.EXE
404	WINWORD.EXE
404	WINWORD.EXE
404	WINWORD.EXE
404	WINWORD.EXE
404	WINWORD.EXE
404	WINWORD.EXE
404	WINWORD.EXE
404	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\MCENGINE.dot" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
4KB

MD5
f19f3767529880a4052c03f24c3f37b3

SHA1
a1f220364e73edab64ed5deb23700708606ffc5e

SHA256
4f0a90ef558abd177ac6008ab9450e51aff68720b594615aedca8e592ba3450b

SHA512
9c83baa9f362298beb45abd67f45e9333ab52b24bc0513b67d56bbaa9ea146696148d017d62713912929e1ae7625dd7775b80a67bf181c0abb9542a1b1a142a0

Download Submit
memory/404-12-0x00007FFEA3090000-0x00007FFEA3285000-memory.dmp

Filesize
2.0MB

Download
memory/404-38-0x00007FFEA3090000-0x00007FFEA3285000-memory.dmp

Filesize
2.0MB

Download
memory/404-1-0x00007FFE63110000-0x00007FFE63120000-memory.dmp

Filesize
64KB

Download
memory/404-4-0x00007FFE63110000-0x00007FFE63120000-memory.dmp

Filesize
64KB

Download
memory/404-5-0x00007FFEA312D000-0x00007FFEA312E000-memory.dmp

Filesize
4KB

Download
memory/404-9-0x00007FFEA3090000-0x00007FFEA3285000-memory.dmp

Filesize
2.0MB

Download
memory/404-10-0x00007FFEA3090000-0x00007FFEA3285000-memory.dmp

Filesize
2.0MB

Download
memory/404-11-0x00007FFEA3090000-0x00007FFEA3285000-memory.dmp

Filesize
2.0MB

Download
memory/404-14-0x00007FFEA3090000-0x00007FFEA3285000-memory.dmp

Filesize
2.0MB

Download
memory/404-13-0x00007FFEA3090000-0x00007FFEA3285000-memory.dmp

Filesize
2.0MB

Download
memory/404-15-0x00007FFE608B0000-0x00007FFE608C0000-memory.dmp

Filesize
64KB

Download
memory/404-0-0x00007FFE63110000-0x00007FFE63120000-memory.dmp

Filesize
64KB

Download
memory/404-3-0x00007FFE63110000-0x00007FFE63120000-memory.dmp

Filesize
64KB

Download
memory/404-17-0x00007FFEA3090000-0x00007FFEA3285000-memory.dmp

Filesize
2.0MB

Download
memory/404-18-0x00007FFE608B0000-0x00007FFE608C0000-memory.dmp

Filesize
64KB

Download
memory/404-20-0x00007FFEA3090000-0x00007FFEA3285000-memory.dmp

Filesize
2.0MB

Download
memory/404-16-0x00007FFEA3090000-0x00007FFEA3285000-memory.dmp

Filesize
2.0MB

Download
memory/404-8-0x00007FFEA3090000-0x00007FFEA3285000-memory.dmp

Filesize
2.0MB

Download
memory/404-7-0x00007FFEA3090000-0x00007FFEA3285000-memory.dmp

Filesize
2.0MB

Download
memory/404-6-0x00007FFEA3090000-0x00007FFEA3285000-memory.dmp

Filesize
2.0MB

Download
memory/404-37-0x00007FFEA3090000-0x00007FFEA3285000-memory.dmp

Filesize
2.0MB

Download
memory/404-19-0x00007FFEA3090000-0x00007FFEA3285000-memory.dmp

Filesize
2.0MB

Download
memory/404-2-0x00007FFE63110000-0x00007FFE63120000-memory.dmp

Filesize
64KB

Download
memory/404-44-0x00007FFEA3090000-0x00007FFEA3285000-memory.dmp

Filesize
2.0MB

Download
memory/404-45-0x00007FFEA3090000-0x00007FFEA3285000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads