Analysis
-
max time kernel
141s -
max time network
36s -
platform
windows7_x64 -
resource
win7v200430 -
submitted
29-05-2020 18:31
General
-
Target
legislate_05.27.2020.doc
-
Size
73KB
-
MD5
44cc5fae2c2016f5d444fc53d42a49ca
-
SHA1
b524d88fc10b401530f2608810ec0e4ce883cf76
-
SHA256
d76bdd6ea01c66c323dcc781e1d4a4e7470337f72aeedfd5b184fee9c97ca953
-
SHA512
81ba7f9e0135232d1e72ea6e05eeaa8edfd87e541420d188b6923221eb1e6dcb2ffe90bbecd11ed652afedcb12b7f607788ad8cca014445df1a809a277772abc
Score
10/10
Malware Config
Signatures
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of SetWindowsHookEx 16 IoCs
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of WriteProcessMemory 5 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Office loads VBA resources, possible macro or embedded object present
Processes
-
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\legislate_05.27.2020.doc"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\Regsvr32.exeRegsvr32 c:\programdata\45628125.dat2⤵
- Process spawned unexpected child process
- Suspicious behavior: GetForegroundWindowSpam