Analysis
-
max time kernel
114s -
max time network
121s -
platform
windows7_x64 -
resource
win7 -
submitted
07-07-2020 06:53
General
-
Target
178P.rtf
-
Size
1.7MB
-
MD5
1d1fb7aba66794303afc6b5420068231
-
SHA1
042c07e7db1ab01b066bd1f2c042cb652e1fc5df
-
SHA256
1e6e568e2fccfeb2e0275982d5637e0be6d0ba4575685126d957061bf2d19678
-
SHA512
adc76dbc32fe6e556e430e9895d3cb6b1bae4b4db7b4734790e0c67c7ef9210285ac840db06c688250f1d075ad64c174ecd699ae029ac273a2ae210a261974c8
Score
7/10
Malware Config
Signatures
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Loads dropped DLL 1 IoCs
-
Launches Equation Editor 1 TTPs 1 IoCs
Equation Editor is an old Office component often targeted by exploits such as CVE-2017-11882.
Processes
-
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\178P.rtf"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding1⤵
- Loads dropped DLL
- Launches Equation Editor
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\velky
-
C:\Users\Admin\AppData\Local\Temp\vetu.dll
-
\Users\Admin\AppData\Local\Temp\vetu.dll
-
memory/740-0-0x00000000065F0000-0x00000000065F4000-memory.dmpFilesize
16KB