098bfe7ab9c2ca61fc488b0e9751adc098330485b49023852a3fcccace8a227f

General

Target

SecuriteInfo.com.Exploit.CVE-2017-11882.123.25336.18229.rtf
Size

87KB
MD5

7d3b215b98532e8570e22f353da4223e
SHA1

004b80efe852e998a9ec7c67cf524d5abb660d1c
SHA256

098bfe7ab9c2ca61fc488b0e9751adc098330485b49023852a3fcccace8a227f
SHA512

49f9ef28d030c16cf5035f4a9fadecb385e37603093b3d6c6a871b8dcab3f23ae068e1f19fd38b8a62946eaf77cff8fd8f428a73fb7e90f09b74a64a9d8f0f64
SSDEEP

384:TyfLh3m+7oZ5xgLn4LwP/sluJJxoMTtPNmZYjCYnXPKl:2fLtm+I7AzD1mOCYnfKl

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4844	WINWORD.EXE
4844	WINWORD.EXE

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4844	WINWORD.EXE
4844	WINWORD.EXE
4844	WINWORD.EXE
4844	WINWORD.EXE
4844	WINWORD.EXE
4844	WINWORD.EXE
4844	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Exploit.CVE-2017-11882.123.25336.18229.rtf" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TCDE03C.tmp\sist02.xsl

Filesize
245KB

MD5
f883b260a8d67082ea895c14bf56dd56

SHA1
7954565c1f243d46ad3b1e2f1baf3281451fc14b

SHA256
ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

SHA512
d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
16B

MD5
d29962abc88624befc0135579ae485ec

SHA1
e40a6458296ec6a2427bcb280572d023a9862b31

SHA256
a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866

SHA512
4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f

Download Submit
memory/4844-18-0x00007FFCEF930000-0x00007FFCEFB25000-memory.dmp

Filesize
2.0MB

Download
memory/4844-552-0x00007FFCAF9B0000-0x00007FFCAF9C0000-memory.dmp

Filesize
64KB

Download
memory/4844-5-0x00007FFCEF930000-0x00007FFCEFB25000-memory.dmp

Filesize
2.0MB

Download
memory/4844-9-0x00007FFCEF930000-0x00007FFCEFB25000-memory.dmp

Filesize
2.0MB

Download
memory/4844-11-0x00007FFCEF930000-0x00007FFCEFB25000-memory.dmp

Filesize
2.0MB

Download
memory/4844-12-0x00007FFCAD370000-0x00007FFCAD380000-memory.dmp

Filesize
64KB

Download
memory/4844-15-0x00007FFCEF930000-0x00007FFCEFB25000-memory.dmp

Filesize
2.0MB

Download
memory/4844-13-0x00007FFCEF930000-0x00007FFCEFB25000-memory.dmp

Filesize
2.0MB

Download
memory/4844-14-0x00007FFCAD370000-0x00007FFCAD380000-memory.dmp

Filesize
64KB

Download
memory/4844-16-0x00007FFCEF930000-0x00007FFCEFB25000-memory.dmp

Filesize
2.0MB

Download
memory/4844-19-0x00007FFCEF930000-0x00007FFCEFB25000-memory.dmp

Filesize
2.0MB

Download
memory/4844-22-0x00007FFCEF930000-0x00007FFCEFB25000-memory.dmp

Filesize
2.0MB

Download
memory/4844-21-0x00007FFCEF930000-0x00007FFCEFB25000-memory.dmp

Filesize
2.0MB

Download
memory/4844-20-0x00007FFCEF930000-0x00007FFCEFB25000-memory.dmp

Filesize
2.0MB

Download
memory/4844-555-0x00007FFCEF930000-0x00007FFCEFB25000-memory.dmp

Filesize
2.0MB

Download
memory/4844-4-0x00007FFCEF930000-0x00007FFCEFB25000-memory.dmp

Filesize
2.0MB

Download
memory/4844-10-0x00007FFCEF930000-0x00007FFCEFB25000-memory.dmp

Filesize
2.0MB

Download
memory/4844-8-0x00007FFCEF930000-0x00007FFCEFB25000-memory.dmp

Filesize
2.0MB

Download
memory/4844-7-0x00007FFCAF9B0000-0x00007FFCAF9C0000-memory.dmp

Filesize
64KB

Download
memory/4844-6-0x00007FFCAF9B0000-0x00007FFCAF9C0000-memory.dmp

Filesize
64KB

Download
memory/4844-2-0x00007FFCAF9B0000-0x00007FFCAF9C0000-memory.dmp

Filesize
64KB

Download
memory/4844-3-0x00007FFCAF9B0000-0x00007FFCAF9C0000-memory.dmp

Filesize
64KB

Download
memory/4844-42-0x00007FFCEF930000-0x00007FFCEFB25000-memory.dmp

Filesize
2.0MB

Download
memory/4844-43-0x00007FFCEF9CD000-0x00007FFCEF9CE000-memory.dmp

Filesize
4KB

Download
memory/4844-44-0x00007FFCEF930000-0x00007FFCEFB25000-memory.dmp

Filesize
2.0MB

Download
memory/4844-45-0x00007FFCEF930000-0x00007FFCEFB25000-memory.dmp

Filesize
2.0MB

Download
memory/4844-0-0x00007FFCAF9B0000-0x00007FFCAF9C0000-memory.dmp

Filesize
64KB

Download
memory/4844-551-0x00007FFCAF9B0000-0x00007FFCAF9C0000-memory.dmp

Filesize
64KB

Download
memory/4844-553-0x00007FFCAF9B0000-0x00007FFCAF9C0000-memory.dmp

Filesize
64KB

Download
memory/4844-17-0x00007FFCEF930000-0x00007FFCEFB25000-memory.dmp

Filesize
2.0MB

Download
memory/4844-554-0x00007FFCAF9B0000-0x00007FFCAF9C0000-memory.dmp

Filesize
64KB

Download
memory/4844-1-0x00007FFCEF9CD000-0x00007FFCEF9CE000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads