0c401d88ca37c0f3082c17b31112b79a9bbc08224e9566e9daf130ed07f25e15

Analysis

max time kernel
68s
max time network
18s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
20/02/2025, 07:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Udmarchen/specklessness.doc
Size

397KB
MD5

20108545afc650a1f43d483971760f55
SHA1

1986b56f0dbad72fc093bbb384ae7c9a01efeb95
SHA256

119e43c5cd9c43ff31e82f9bf6711dd4f488e5a450e1acfcac87c19cc0c6fff7
SHA512

dd89cfbb13b373d87c144f3788b9e5e037e308c9af45d78f10cd74707d5ce86d91a7a493431be7d4c896cc7f95ee0d48ae5307f46272ddba3d64c910b578bbe8
SSDEEP

1536:23sQmlZgy2I3m6/jsf63QEbm3VDClp5BFUOWCTcN/aQYdLq/iTv8cTynJB17eJsw:KTyLuCpMrBodKCra6ZM4hJ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2608	WINWORD.EXE

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
2608	WINWORD.EXE
2608	WINWORD.EXE
2608	WINWORD.EXE
2608	WINWORD.EXE
2608	WINWORD.EXE
2608	WINWORD.EXE
2608	WINWORD.EXE
2608	WINWORD.EXE
2608	WINWORD.EXE
2608	WINWORD.EXE
2608	WINWORD.EXE
2608	WINWORD.EXE
2608	WINWORD.EXE
2608	WINWORD.EXE
2608	WINWORD.EXE
2608	WINWORD.EXE

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Udmarchen\specklessness.doc"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2608-0-0x000000002F0F1000-0x000000002F0F2000-memory.dmp

Filesize
4KB

Download
memory/2608-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2608-2-0x000000007104D000-0x0000000071058000-memory.dmp

Filesize
44KB

Download
memory/2608-4-0x000000007104D000-0x0000000071058000-memory.dmp

Filesize
44KB

Download