Analysis
-
max time kernel
146s -
max time network
41s -
platform
windows7_x64 -
resource
win7v200430 -
submitted
09/07/2020, 15:07
General
-
Target
bf79a1b5281f5e1daa76040f07ae77ec623afecc33d8736bc504df901c0186d0.doc
-
Size
147KB
-
MD5
77515a3c10facf55dff7f8f2de7cc110
-
SHA1
2c841e96f7a61f0578c44cd42a421f08c6d5291f
-
SHA256
bf79a1b5281f5e1daa76040f07ae77ec623afecc33d8736bc504df901c0186d0
-
SHA512
8c58cf12e3e81dcd09eee6ec65a2f4b79b2df747210dd73408bd4c9f814ab6fcda9131502220f4c878f858912a9edbb3d7c3ae3307cb3f02862e1d21bea51f3a
Score
10/10
Malware Config
Signatures
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of WriteProcessMemory 5 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Office loads VBA resources, possible macro or embedded object present
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of SetWindowsHookEx 16 IoCs
Processes
-
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\bf79a1b5281f5e1daa76040f07ae77ec623afecc33d8736bc504df901c0186d0.doc"1⤵
- Suspicious use of WriteProcessMemory
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\regsvr32.exe"C:\Windows\System32\regsvr32.exe" Nv.tmp2⤵
- Process spawned unexpected child process
- Suspicious behavior: GetForegroundWindowSpam
-