Analysis
-
max time kernel
146s -
max time network
25s -
platform
windows7_x64 -
resource
win7v200430 -
submitted
11-07-2020 07:18
General
-
Target
documento ufficiale,07.20.doc
-
Size
147KB
-
MD5
29d55324310c106a92fd0e1b422b39de
-
SHA1
d87feba63dab58c4754c205b1c3cda9169d9a274
-
SHA256
604d7046297dcbf29e1e3a53ecf27136c4e39b2e36fe2314559f380b564ff7b4
-
SHA512
5b478c89aebec5d85723e9b6e84115514e0e8c60a589b7426169ca147dbc97d4357ef9283ee42d33a7fcde215350ea951f2e2d4ecc228f8d85926937c48f3ac6
Score
10/10
Malware Config
Signatures
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of WriteProcessMemory 5 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Office loads VBA resources, possible macro or embedded object present
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of SetWindowsHookEx 16 IoCs
Processes
-
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\documento ufficiale,07.20.doc"1⤵
- Suspicious use of WriteProcessMemory
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\regsvr32.exe"C:\Windows\System32\regsvr32.exe" wG.tmp2⤵
- Process spawned unexpected child process
- Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1052-3-0x0000000000000000-mapping.dmp