Analysis
-
max time kernel
101s
-
max time network
123s
-
platform
windows10-2004_x64
-
resource
win10v2004-20240802-en
-
resource tags
arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
-
submitted
19-09-2024 12:09
Static task
static1
Behavioral task
behavioral1
Sample
0bcafe072d2547b55f7748bfd3fe84c3c17c1d2c9078333f9f06af759bba38ed.docx
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
0bcafe072d2547b55f7748bfd3fe84c3c17c1d2c9078333f9f06af759bba38ed.docx
Resource
win10v2004-20240802-en
General
-
Target
0bcafe072d2547b55f7748bfd3fe84c3c17c1d2c9078333f9f06af759bba38ed.docx
-
Size
56KB
-
MD5
95f392dd9c1351f3a6678650efab939c
-
SHA1
f8504a35428357cd896b4e8d61c42deb2ffe5aab
-
SHA256
0bcafe072d2547b55f7748bfd3fe84c3c17c1d2c9078333f9f06af759bba38ed
-
SHA512
35d77e7370679d8d828a3d38da9713479496d14207026a168724a2425b6a12a7bc96c72ade6d47fd9beea5bb656ef2a243b34553bc3495aac12db3444721f854
-
SSDEEP
1536:af6VyFNvFEYsyN//N4D9bkUEk010LTSv3g6WTQw4:afqON9NnNXq52kHLWv39pN
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
pid | Process
2288 | WINWORD.EXE
2288 | WINWORD.EXE
-
Suspicious use of SetWindowsHookEx 8 IoCs
pid | Process
2288 | WINWORD.EXE
2288 | WINWORD.EXE
2288 | WINWORD.EXE
2288 | WINWORD.EXE
2288 | WINWORD.EXE
2288 | WINWORD.EXE
2288 | WINWORD.EXE
2288 | WINWORD.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\0bcafe072d2547b55f7748bfd3fe84c3c17c1d2c9078333f9f06af759bba38ed.docx" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2288
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
Filesize
1KB