Overview

overview

3

Static

static

1

0ab74970f4...c.docx

windows7-x64

3

0ab74970f4...c.docx

windows10-2004-x64

1

Analysis

  • max time kernel
    43s
  • max time network
    60s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-08-2024 21:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0ab74970f40073e5de46a0f9f9fd8ea83f7082f4e0be27fcd45d249515f91d1c.docx

  • Size

    10KB

  • MD5

    6b1defc7973541003416b77a1b06ac87

  • SHA1

    c1bde8cbc4e5d405d9ecded4b07c50c374888a1c

  • SHA256

    0ab74970f40073e5de46a0f9f9fd8ea83f7082f4e0be27fcd45d249515f91d1c

  • SHA512

    fa651061ab3042e3590ea846a037f077b410dc23a43de4ef8cc171930cb081c6e6ff1f77d677201c84074abdf58503050a5a8b337262e4f4db0f58ba2ef7895b

  • SSDEEP

    192:OEhM6yD7Z/c+8poF1d3jvvtlN9264wpCGhe3b8rfrGxjPCUUufeU:OqJGcfa7pr1lN92hwkGA3b+fyxjPCzu7

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\0ab74970f40073e5de46a0f9f9fd8ea83f7082f4e0be27fcd45d249515f91d1c.docx" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2124

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2124-0-0x00007FF938590000-0x00007FF9385A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2124-1-0x00007FF9785AD000-0x00007FF9785AE000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2124-3-0x00007FF938590000-0x00007FF9385A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2124-4-0x00007FF938590000-0x00007FF9385A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2124-2-0x00007FF938590000-0x00007FF9385A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2124-6-0x00007FF978510000-0x00007FF978705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2124-5-0x00007FF938590000-0x00007FF9385A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2124-9-0x00007FF978510000-0x00007FF978705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2124-8-0x00007FF978510000-0x00007FF978705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2124-7-0x00007FF978510000-0x00007FF978705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2124-13-0x00007FF978510000-0x00007FF978705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2124-14-0x00007FF978510000-0x00007FF978705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2124-16-0x00007FF936240000-0x00007FF936250000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2124-15-0x00007FF978510000-0x00007FF978705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2124-18-0x00007FF978510000-0x00007FF978705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2124-19-0x00007FF936240000-0x00007FF936250000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2124-17-0x00007FF978510000-0x00007FF978705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2124-12-0x00007FF978510000-0x00007FF978705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2124-11-0x00007FF978510000-0x00007FF978705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2124-10-0x00007FF978510000-0x00007FF978705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2124-37-0x00007FF978510000-0x00007FF978705000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2124-38-0x00007FF9785AD000-0x00007FF9785AE000-memory.dmp

    Filesize

    4KB

    Download