Analysis
max time kernel: 149s
max time network: 6s
platform: windows7_x64
resource: win7v200430
submitted: 30-06-2020 17:42
Static task: static1

Behavioral task: behavioral1
Sample: e-vote_form 490.57.607 .doc
Resource: win7v200430 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: e-vote_form 490.57.607 .doc
Resource: win10v200430 (windows10_x64)
0 signatures, 0 seconds
General
Target: e-vote_form 490.57.607 .doc
Size: 159KB
MD5: 2724b111225ce89b723ab445ed056c58
SHA1: d9b04721b2f7b832abc3fb78f3aa969bf1401ef8
SHA256: 97911a67667e73c0c1628e2b441dd6f9ced9f142e87665e9c2f23d56c87b919c
SHA512: 3b95691fd43a48f504d37b36e3a7c31dfddf09c94f3b45f19e0f7d5d1b53c0442c7a537167950fe741cf0a25cda2b00e9c907da2b1b32caacfcc528c373303b9
Score: 1/10
Malware Config
Signatures
Suspicious behavior: AddClipboardFormatListener (1 IoCs)
Processes:
pid   process
1360  WINWORD.EXE

Suspicious use of SetWindowsHookEx (2 IoCs)
Processes:
pid   process
1360  WINWORD.EXE
1360  WINWORD.EXE

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
Processes:
pid   process
1360  WINWORD.EXE

Office loads VBA resources, possible macro or embedded object present
Processes
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\e-vote_form 490.57.607 .doc"
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  - Suspicious behavior: GetForegroundWindowSpam