02ef9794d035e993480a6726cfb677d1547606a2b7920f085c8bc28241338416

Analysis

Target

accordo legale 07.20.doc
Size

134KB
MD5

56d2ecca042c6dfb3dcc47376cdc9a46
SHA1

fa41cc9a706e3120810bf57a67cfe6afe554067d
SHA256

02ef9794d035e993480a6726cfb677d1547606a2b7920f085c8bc28241338416
SHA512

26fec0b94ac563456278251a5d116e406b440894046ecd79ef9c6fa3c25979ae4f332a6821ec6fad0fd198c7d37ce774b4b6f51ea644b23d827b2a6828eef40c

Score

10^/10

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Program Files\Microsoft Office\Office14\WINWORD.EXE is not expected to spawn this process	1912	1156	regsvr32.exe	23

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1156 wrote to memory of 1912	1156	WINWORD.EXE	26
PID 1156 wrote to memory of 1912	1156	WINWORD.EXE	26
PID 1156 wrote to memory of 1912	1156	WINWORD.EXE	26
PID 1156 wrote to memory of 1912	1156	WINWORD.EXE	26
PID 1156 wrote to memory of 1912	1156	WINWORD.EXE	26

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1912	regsvr32.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1156	WINWORD.EXE

Suspicious use of SetWindowsHookEx 16 IoCs