7a3b1e9c8df660dc1c1cf9b17411c1d6a4ffca364712c5de8ac46b1199ece1ce

Analysis

max time kernel
137s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11/11/2024, 02:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

errr.dotm
Size

14KB
MD5

15320db9003264c8ce3a7356030746a8
SHA1

db6c48cb0b2ea475602ee20bd10d6be192da4a37
SHA256

ed057ee336974e52d68f2eb5278c7d61fdbfff8f388e287d4c8c09bd2eed0a2f
SHA512

608015f8c7ede90b8859fe2c2838322db98e78ff1e369d1a3019cbfb8d279ca515e2494e0d6946d17cdbed1582faeac2ce2bd53eadbe45751dba542794b0a758
SSDEEP

384:tmtl4pb+aVHXwnSC78Qot2J6akwLWdxd36UbYB3ho:ql4pq6El8Qojakw6L0M

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4128	WINWORD.EXE
4128	WINWORD.EXE

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4128	WINWORD.EXE
4128	WINWORD.EXE
4128	WINWORD.EXE
4128	WINWORD.EXE
4128	WINWORD.EXE
4128	WINWORD.EXE
4128	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\errr.dotm" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
2KB

MD5
90e491fde30f46b3b66348b549db80bf

SHA1
62e2e4a1f87ea4b61e218ecb5c21f669e933f3be

SHA256
c44019c6fcc4f6107fa82e54dc5c2ea395d0d7419668a2810711b54b5fafacd4

SHA512
c6376f45328a87b8803c63f0bc78e0468532fb2ed05ded2dd6cfb4b0f93a6b62dad737bbafedddb5590a100dffdc256615d7ac4a6f3f75e67bee3e639ee1f42e

Download Submit
memory/4128-13-0x00007FF97DB00000-0x00007FF97DB10000-memory.dmp

Filesize
64KB

Download
memory/4128-19-0x00007FF9C01D0000-0x00007FF9C03C5000-memory.dmp

Filesize
2.0MB

Download
memory/4128-3-0x00007FF980250000-0x00007FF980260000-memory.dmp

Filesize
64KB

Download
memory/4128-0-0x00007FF980250000-0x00007FF980260000-memory.dmp

Filesize
64KB

Download
memory/4128-5-0x00007FF9C01D0000-0x00007FF9C03C5000-memory.dmp

Filesize
2.0MB

Download
memory/4128-6-0x00007FF980250000-0x00007FF980260000-memory.dmp

Filesize
64KB

Download
memory/4128-7-0x00007FF9C01D0000-0x00007FF9C03C5000-memory.dmp

Filesize
2.0MB

Download
memory/4128-10-0x00007FF9C01D0000-0x00007FF9C03C5000-memory.dmp

Filesize
2.0MB

Download
memory/4128-9-0x00007FF9C01D0000-0x00007FF9C03C5000-memory.dmp

Filesize
2.0MB

Download
memory/4128-12-0x00007FF9C01D0000-0x00007FF9C03C5000-memory.dmp

Filesize
2.0MB

Download
memory/4128-15-0x00007FF9C01D0000-0x00007FF9C03C5000-memory.dmp

Filesize
2.0MB

Download
memory/4128-16-0x00007FF9C01D0000-0x00007FF9C03C5000-memory.dmp

Filesize
2.0MB

Download
memory/4128-14-0x00007FF9C01D0000-0x00007FF9C03C5000-memory.dmp

Filesize
2.0MB

Download
memory/4128-1-0x00007FF9C026D000-0x00007FF9C026E000-memory.dmp

Filesize
4KB

Download
memory/4128-4-0x00007FF980250000-0x00007FF980260000-memory.dmp

Filesize
64KB

Download
memory/4128-20-0x00007FF9C01D0000-0x00007FF9C03C5000-memory.dmp

Filesize
2.0MB

Download
memory/4128-11-0x00007FF9C01D0000-0x00007FF9C03C5000-memory.dmp

Filesize
2.0MB

Download
memory/4128-18-0x00007FF9C01D0000-0x00007FF9C03C5000-memory.dmp

Filesize
2.0MB

Download
memory/4128-17-0x00007FF97DB00000-0x00007FF97DB10000-memory.dmp

Filesize
64KB

Download
memory/4128-8-0x00007FF9C01D0000-0x00007FF9C03C5000-memory.dmp

Filesize
2.0MB

Download
memory/4128-22-0x00007FF9C01D0000-0x00007FF9C03C5000-memory.dmp

Filesize
2.0MB

Download
memory/4128-21-0x00007FF9C01D0000-0x00007FF9C03C5000-memory.dmp

Filesize
2.0MB

Download
memory/4128-38-0x00007FF9C01D0000-0x00007FF9C03C5000-memory.dmp

Filesize
2.0MB

Download
memory/4128-37-0x00007FF9C01D0000-0x00007FF9C03C5000-memory.dmp

Filesize
2.0MB

Download
memory/4128-44-0x00007FF9C01D0000-0x00007FF9C03C5000-memory.dmp

Filesize
2.0MB

Download
memory/4128-45-0x00007FF9C026D000-0x00007FF9C026E000-memory.dmp

Filesize
4KB

Download
memory/4128-46-0x00007FF9C01D0000-0x00007FF9C03C5000-memory.dmp

Filesize
2.0MB

Download
memory/4128-2-0x00007FF980250000-0x00007FF980260000-memory.dmp

Filesize
64KB

Download
memory/4128-52-0x00007FF9C01D0000-0x00007FF9C03C5000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads