Analysis
-
max time kernel
113s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
21/08/2024, 12:01
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Exploit.CVE20180798.4.23716.11677.rtf
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Exploit.CVE20180798.4.23716.11677.rtf
Resource
win10v2004-20240802-en
General
-
Target
SecuriteInfo.com.Exploit.CVE20180798.4.23716.11677.rtf
-
Size
820KB
-
MD5
77d04e68c46c843c399d83b858b9b46a
-
SHA1
8f4f41f26cd7bd6b60045cc878c83d132f79193a
-
SHA256
d718eb322dc9348cb1813a920ca739a5c4bd6b44ac32c0c085bd92148bf94161
-
SHA512
22986daa2bd352305885276d9c000caf89c171a6187caadb1d29bbbf1e89916e4a6a199aa6500890befaa9dfc92a14d87976b470b41ec49f5f050b40f9b8b81d
-
SSDEEP
6144:3wAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAN:uE
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString WINWORD.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU WINWORD.EXE -
Suspicious behavior: AddClipboardFormatListener 2 IoCs
pid Process 4620 WINWORD.EXE 4620 WINWORD.EXE -
Suspicious use of SetWindowsHookEx 8 IoCs
pid Process 4620 WINWORD.EXE 4620 WINWORD.EXE 4620 WINWORD.EXE 4620 WINWORD.EXE 4620 WINWORD.EXE 4620 WINWORD.EXE 4620 WINWORD.EXE 4620 WINWORD.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Exploit.CVE20180798.4.23716.11677.rtf" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4620
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
245KB
MD5f883b260a8d67082ea895c14bf56dd56
SHA17954565c1f243d46ad3b1e2f1baf3281451fc14b
SHA256ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353
SHA512d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e
-
Filesize
16B
MD5d29962abc88624befc0135579ae485ec
SHA1e40a6458296ec6a2427bcb280572d023a9862b31
SHA256a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866
SHA5124311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
Filesize1KB
MD5b305cade548abe1b18cb1b8bbe6b44c9
SHA154b5c7b07310c8e7a54d96f6d2e7dbc3ff41e229
SHA256f5e6778731d7b02ade9c1c613928d387799f1c8e52621a9e0fc644be823c4fad
SHA512dc87b4bddfb9323c93f859adad6e3d0bb90eac399f9e617c4ae09745620542a3815194c790a7bd7676f25b87470babdd582ff9c96238057f819daddbb1e38b8f