Analysis
-
max time kernel
131s -
max time network
27s -
platform
windows7_x64 -
resource
win7v200430 -
submitted
09/07/2020, 15:07
General
-
Target
e6625525c973bb4304585038917d2a00691c56ce613f2f92b848d45238f3260e.doc
-
Size
134KB
-
MD5
0061b8f9266262024f9a57bd80ae5e90
-
SHA1
dcc6f86636d86a533a879b287af97f03b71c75f1
-
SHA256
e6625525c973bb4304585038917d2a00691c56ce613f2f92b848d45238f3260e
-
SHA512
30491b1d2b98e207eca053f6e9575098d0282daab1095ca0717c05132122a93cbb988c56b164557f6bc6c367615baf751876642dd605aa2b6338031ed30e3050
Score
10/10
Malware Config
Signatures
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of WriteProcessMemory 5 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Office loads VBA resources, possible macro or embedded object present
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of SetWindowsHookEx 16 IoCs
Processes
-
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\e6625525c973bb4304585038917d2a00691c56ce613f2f92b848d45238f3260e.doc"1⤵
- Suspicious use of WriteProcessMemory
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\regsvr32.exeregsvr32 c:\programdata\21850.jpg2⤵
- Process spawned unexpected child process
- Suspicious behavior: GetForegroundWindowSpam
-