Analysis
-
max time kernel
115s -
max time network
120s -
platform
windows7_x64 -
resource
win7 -
submitted
11-07-2020 07:23
General
-
Target
certificato-07.08.20.doc
-
Size
134KB
-
MD5
0a1f37db056ff83c5161a2604fc0f978
-
SHA1
9ff7afd9002eafe4c409dfaadde932fb5400666f
-
SHA256
340997943546e3a333e84ca3764f721b48218557389534beebe4a2ab13b968d4
-
SHA512
a0c2d9aeb70660964d0bf8c01a25cf3f5c4d1012270663403ad54029b064000b5afdb989f2f3be2f00673f5384fcadd31716dc405dd7f3295523576ce0563217
Score
10/10
Malware Config
Signatures
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of SetWindowsHookEx 16 IoCs
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of WriteProcessMemory 5 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Office loads VBA resources, possible macro or embedded object present
Processes
-
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\certificato-07.08.20.doc"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\regsvr32.exeregsvr32 c:\programdata\64974.jpg2⤵
- Process spawned unexpected child process
- Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
\??\c:\programdata\64974.jpg
-
memory/1124-5-0x00000000070E0000-0x00000000072E0000-memory.dmpFilesize
2.0MB
-
memory/1484-6-0x0000000000000000-mapping.dmp
