Analysis
-
max time kernel
127s -
max time network
25s -
platform
windows7_x64 -
resource
win7v200430 -
submitted
11-07-2020 07:24
General
-
Target
raccontare.07.08.2020.doc
-
Size
134KB
-
MD5
bcc82032ede3c935fd6e7c1deb1ad072
-
SHA1
33e69f3c2a77b369421bbd315f5ed2d2e94160a2
-
SHA256
2b276d5638fef9e9774853b42fe3626c15a13653423c2da87638f725b687696b
-
SHA512
aa491163724907095ca85bced842f203e70c843f0d1eeb1b10bfd8f81684169297ee92f07de2451f03f1463075ca51795446fcc5faacdc0dd67971edbbc0cb52
Score
10/10
Malware Config
Signatures
-
Office loads VBA resources, possible macro or embedded object present
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of SetWindowsHookEx 16 IoCs
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of WriteProcessMemory 5 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes
-
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\raccontare.07.08.2020.doc"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\regsvr32.exeregsvr32 c:\programdata\64632.jpg2⤵
- Process spawned unexpected child process
- Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
\??\c:\programdata\64632.jpg
-
memory/1116-3-0x0000000000000000-mapping.dmp
