Analysis
-
max time kernel
117s -
max time network
124s -
platform
windows7_x64 -
resource
win7 -
submitted
09/07/2020, 10:44
General
-
Target
47cae2f88638137023618f35138504964f5bb45d2d47e8e8a63af6362605f130.doc
-
Size
147KB
-
MD5
1ba37d065e4cad9c85808d23e4b52975
-
SHA1
1e8f592db3fed8be64050090b41d1f8b99f347b6
-
SHA256
47cae2f88638137023618f35138504964f5bb45d2d47e8e8a63af6362605f130
-
SHA512
3d25d29c8b75f63a2730c0feae4c8a640d0feba19e6ab2079cf5b3ce8f6c9a73845f7475f5141b857f9e94dffcdb923537e91ee20cdf917f444f0160b93cbd52
Score
10/10
Malware Config
Signatures
-
Office loads VBA resources, possible macro or embedded object present
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of SetWindowsHookEx 16 IoCs
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of WriteProcessMemory 5 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes
-
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\47cae2f88638137023618f35138504964f5bb45d2d47e8e8a63af6362605f130.doc"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\regsvr32.exe"C:\Windows\System32\regsvr32.exe" o.tmp2⤵
- Process spawned unexpected child process
- Suspicious behavior: GetForegroundWindowSpam
-