f99deec7392a5fd28be88e8c2b8584cc4df8fa65d2bad139207418ad65afddfb

General

Target

Urlaub.docx
Size

13KB
MD5

820dc17fef0edd9b8ec91a820fb029c0
SHA1

e8e3bf48900cba4738df700bda0bd3a52d6d444a
SHA256

f99deec7392a5fd28be88e8c2b8584cc4df8fa65d2bad139207418ad65afddfb
SHA512

da50e192b513c6d2c4d9a026deb855b92728e265e3467d655f0b95cb02be4b77922276f6ea3f0ddd7d77cc38169aa8c78e7da492385ed7d418efaaaf6ab991c0
SSDEEP

384:dzqiwptfuD+Cf+CeBiFsVE8vyx7lRj7Ob8G2xg:oi2tfuOM2E8vyD576

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2020	WINWORD.EXE
2020	WINWORD.EXE

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
2020	WINWORD.EXE
2020	WINWORD.EXE
2020	WINWORD.EXE
2020	WINWORD.EXE
2020	WINWORD.EXE
2020	WINWORD.EXE
2020	WINWORD.EXE
2020	WINWORD.EXE
2020	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Urlaub.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4360,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=4408 /prefetch:8
1⤵
PID:3236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TCD9CFD.tmp\iso690.xsl

Filesize
263KB

MD5
ff0e07eff1333cdf9fc2523d323dd654

SHA1
77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

SHA256
3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

SHA512
b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
3KB

MD5
066c67126a3c5d64ecea61a0213a4fbb

SHA1
a4b7ecf8df83be50a0f0f9cb724c12c647a1279d

SHA256
8f44117a68135d0c49e2ad7a3e096be1f3ef613139f335736468cb6e797f213b

SHA512
6ce51af3bc1f8cb2f63bbf4629553a00be54c7ec34ceb3089c10a4ca1bb42253cd7ed080f6ce6443a61ff62be8cd8ebc18792dca87219ac9475bcf8416d15c41

Download Submit
memory/2020-14-0x00007FFC12890000-0x00007FFC12A85000-memory.dmp

Filesize
2.0MB

Download
memory/2020-8-0x00007FFC12890000-0x00007FFC12A85000-memory.dmp

Filesize
2.0MB

Download
memory/2020-7-0x00007FFBD2910000-0x00007FFBD2920000-memory.dmp

Filesize
64KB

Download
memory/2020-6-0x00007FFC12890000-0x00007FFC12A85000-memory.dmp

Filesize
2.0MB

Download
memory/2020-5-0x00007FFC12890000-0x00007FFC12A85000-memory.dmp

Filesize
2.0MB

Download
memory/2020-10-0x00007FFC12890000-0x00007FFC12A85000-memory.dmp

Filesize
2.0MB

Download
memory/2020-11-0x00007FFC12890000-0x00007FFC12A85000-memory.dmp

Filesize
2.0MB

Download
memory/2020-9-0x00007FFC12890000-0x00007FFC12A85000-memory.dmp

Filesize
2.0MB

Download
memory/2020-12-0x00007FFBD02E0000-0x00007FFBD02F0000-memory.dmp

Filesize
64KB

Download
memory/2020-15-0x00007FFC12890000-0x00007FFC12A85000-memory.dmp

Filesize
2.0MB

Download
memory/2020-16-0x00007FFBD02E0000-0x00007FFBD02F0000-memory.dmp

Filesize
64KB

Download
memory/2020-1-0x00007FFBD2910000-0x00007FFBD2920000-memory.dmp

Filesize
64KB

Download
memory/2020-13-0x00007FFC12890000-0x00007FFC12A85000-memory.dmp

Filesize
2.0MB

Download
memory/2020-4-0x00007FFBD2910000-0x00007FFBD2920000-memory.dmp

Filesize
64KB

Download
memory/2020-3-0x00007FFBD2910000-0x00007FFBD2920000-memory.dmp

Filesize
64KB

Download
memory/2020-38-0x00007FFC1292D000-0x00007FFC1292E000-memory.dmp

Filesize
4KB

Download
memory/2020-39-0x00007FFC12890000-0x00007FFC12A85000-memory.dmp

Filesize
2.0MB

Download
memory/2020-40-0x00007FFC12890000-0x00007FFC12A85000-memory.dmp

Filesize
2.0MB

Download
memory/2020-41-0x00007FFC12890000-0x00007FFC12A85000-memory.dmp

Filesize
2.0MB

Download
memory/2020-2-0x00007FFBD2910000-0x00007FFBD2920000-memory.dmp

Filesize
64KB

Download
memory/2020-0-0x00007FFC1292D000-0x00007FFC1292E000-memory.dmp

Filesize
4KB

Download
memory/2020-188-0x00007FFBD2910000-0x00007FFBD2920000-memory.dmp

Filesize
64KB

Download
memory/2020-191-0x00007FFBD2910000-0x00007FFBD2920000-memory.dmp

Filesize
64KB

Download
memory/2020-190-0x00007FFBD2910000-0x00007FFBD2920000-memory.dmp

Filesize
64KB

Download
memory/2020-189-0x00007FFBD2910000-0x00007FFBD2920000-memory.dmp

Filesize
64KB

Download
memory/2020-192-0x00007FFC12890000-0x00007FFC12A85000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads