4060463d50360718740df83648d11567cf0a9c6364ec97d7e16204c4d171a0e5 | Triage

Analysis

max time kernel
112s
max time network
121s
resource
win7v191014

Sharing

General

Target

Docs_bbea066160cdad85d59d474078ba235f.doc?email=
Sample

191112-bh8gp92dy6
SHA256

4060463d50360718740df83648d11567cf0a9c6364ec97d7e16204c4d171a0e5

Score

N/A

Malware Config

Signatures

Drops Office document 2 IoCs

dropper exploiter maldoc

Processes:

WINWORD.EXE

description	ioc	pid	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm	1552	WINWORD.EXE
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm	1552	WINWORD.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

WINWORD.EXE

pid process

1552 WINWORD.EXE
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

WINWORD.EXE

pid process

1552 WINWORD.EXE
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

WINWORD.EXE

pid process

1552 WINWORD.EXE

C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "payload.dat"
1⤵
- Drops Office document
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1552-0-0x0000000006050000-0x0000000006054000-memory.dmp

Filesize
16KB

Download
memory/1552-1-0x0000000000374000-0x0000000000378000-memory.dmp

Filesize
16KB

Download
memory/1552-2-0x0000000000374000-0x0000000000378000-memory.dmp

Filesize
16KB

Download
memory/1552-3-0x0000000000378000-0x0000000000380000-memory.dmp

Filesize
32KB

Download