Resubmissions

13-02-2020 18:49

200213-1rnt9xv6f2 1

13-02-2020 18:42

200213-bsz7jwmhe6 1

13-02-2020 18:39

200213-zffwcb2g7j 1

Analysis

  • max time kernel
    229s
  • max time network
    88s
  • platform
    windows7_x64
  • resource
    win7v200213
  • submitted
    13-02-2020 18:42

General

  • Target

    Form.docm

  • Size

    260KB

  • MD5

    c2b48d21764b195fb0ebbdd3d1bdd89a

  • SHA1

    d8ca2aaba616f0281255a10634b6c4e17bb59336

  • SHA256

    186ec909dc32c982ab4bd6b257bb25a2726df856d4cf6c829e06683c352c92b2

  • SHA512

    c975a51bcf4cef1c345fcdadc59bd6b78ceeb96179b1c9621ef6070848f8452d8235b1d66223154edc7106cbe5d800e538a436c51e09f3828bf801849f740705

Score
1/10

Malware Config

Signatures

  • Suspicious use of SendNotifyMessage 78 IoCs
  • Suspicious behavior: EnumeratesProcesses 52 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 78 IoCs

Processes

  • C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Form.docm"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1992
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Suspicious use of SendNotifyMessage
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:240

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1992-0-0x0000000004C70000-0x0000000004C74000-memory.dmp
    Filesize

    16KB