9e69d44ac094cb6148a2f76c3af9e98795961e4f3092156adf2f9f3f02d5b162

Analysis

max time kernel
133s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 03:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9e69d44ac094cb6148a2f76c3af9e98795961e4f3092156adf2f9f3f02d5b162.rtf
Size

89KB
MD5

db14a63f71b27da34d0f221d87ac1291
SHA1

29249b89a4ccf8b4df4c4888ae458ac6a061778e
SHA256

9e69d44ac094cb6148a2f76c3af9e98795961e4f3092156adf2f9f3f02d5b162
SHA512

8b41bc9659ada2583371a652879ab893264fef3c84a4f64af51f5bf8934b28c3a94cf258e236853b4c8e3ac01f34beb539a0c61331a14ac1818dd91d27a8d114
SSDEEP

384:Dc8eDL2RPGW9cNNwKuE0MAidWe2onXYCqWzhwnC2ibxiW9KbFRDT+Raxt/Q:Dc8XPoN+KuUxLE2eTpQ

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3436	WINWORD.EXE
3436	WINWORD.EXE

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
3436	WINWORD.EXE
3436	WINWORD.EXE
3436	WINWORD.EXE
3436	WINWORD.EXE
3436	WINWORD.EXE
3436	WINWORD.EXE
3436	WINWORD.EXE
3436	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\9e69d44ac094cb6148a2f76c3af9e98795961e4f3092156adf2f9f3f02d5b162.rtf" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TCD325B.tmp\iso690.xsl

Filesize
263KB

MD5
ff0e07eff1333cdf9fc2523d323dd654

SHA1
77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

SHA256
3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

SHA512
b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
3KB

MD5
47b0764d25cd74be505fb144dca17cec

SHA1
ec7f0c13e8401cf39b65966539cdeaf6090eec13

SHA256
2d92fc145f76ada1a30eef24d7d09a489050f609d28149f1a67e40f1e1fd0de3

SHA512
0fa68cf13d7e638bda76e4236682478c2a70a9ef084d04d7e5a48a9799860bb10febdf9918844ff013d97e0290f4ea90868fdee4cc238b9269b22caf0b652093

Download Submit
memory/3436-9-0x00007FFD28FF0000-0x00007FFD291E5000-memory.dmp

Filesize
2.0MB

Download
memory/3436-11-0x00007FFD28FF0000-0x00007FFD291E5000-memory.dmp

Filesize
2.0MB

Download
memory/3436-4-0x00007FFCE9070000-0x00007FFCE9080000-memory.dmp

Filesize
64KB

Download
memory/3436-5-0x00007FFD28FF0000-0x00007FFD291E5000-memory.dmp

Filesize
2.0MB

Download
memory/3436-6-0x00007FFD28FF0000-0x00007FFD291E5000-memory.dmp

Filesize
2.0MB

Download
memory/3436-7-0x00007FFCE9070000-0x00007FFCE9080000-memory.dmp

Filesize
64KB

Download
memory/3436-8-0x00007FFD28FF0000-0x00007FFD291E5000-memory.dmp

Filesize
2.0MB

Download
memory/3436-10-0x00007FFD28FF0000-0x00007FFD291E5000-memory.dmp

Filesize
2.0MB

Download
memory/3436-12-0x00007FFD28FF0000-0x00007FFD291E5000-memory.dmp

Filesize
2.0MB

Download
memory/3436-14-0x00007FFD28FF0000-0x00007FFD291E5000-memory.dmp

Filesize
2.0MB

Download
memory/3436-2-0x00007FFCE9070000-0x00007FFCE9080000-memory.dmp

Filesize
64KB

Download
memory/3436-0-0x00007FFD2908D000-0x00007FFD2908E000-memory.dmp

Filesize
4KB

Download
memory/3436-13-0x00007FFCE6E20000-0x00007FFCE6E30000-memory.dmp

Filesize
64KB

Download
memory/3436-16-0x00007FFCE6E20000-0x00007FFCE6E30000-memory.dmp

Filesize
64KB

Download
memory/3436-17-0x00007FFD28FF0000-0x00007FFD291E5000-memory.dmp

Filesize
2.0MB

Download
memory/3436-15-0x00007FFD28FF0000-0x00007FFD291E5000-memory.dmp

Filesize
2.0MB

Download
memory/3436-31-0x00007FFD2908D000-0x00007FFD2908E000-memory.dmp

Filesize
4KB

Download
memory/3436-32-0x00007FFD28FF0000-0x00007FFD291E5000-memory.dmp

Filesize
2.0MB

Download
memory/3436-33-0x00007FFD28FF0000-0x00007FFD291E5000-memory.dmp

Filesize
2.0MB

Download
memory/3436-37-0x00007FFD28FF0000-0x00007FFD291E5000-memory.dmp

Filesize
2.0MB

Download
memory/3436-3-0x00007FFCE9070000-0x00007FFCE9080000-memory.dmp

Filesize
64KB

Download
memory/3436-1-0x00007FFCE9070000-0x00007FFCE9080000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads