Overview

overview

10

Static

static

certificat...20.doc

windows7_x64

10

certificat...20.doc

windows10_x64

1

Analysis

  • max time kernel
    111s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    11-07-2020 07:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    certificato_07.08.2020.doc

  • Size

    134KB

  • MD5

    212e1d537b4335f22f19efd8255f0e45

  • SHA1

    a399e390cc926727ee79eff1893ca317ca379cbd

  • SHA256

    dcfb8f77847d724370d6688b004e2dc005ca02fc1c9f5665896d43f546174620

  • SHA512

    7824d67e4c09cff9157db5eeaa8309da3c38941fac5e191d4f27ce618bf4280929576251ee46617c3966e7875cc1ff13366f18198e34a787cb02a172f8b4945d

Score
10/10

Malware Config

Signatures

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Suspicious use of WriteProcessMemory 5 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present

Processes

  • C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\certificato_07.08.2020.doc"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1044
    • C:\Windows\system32\regsvr32.exe
      regsvr32 c:\programdata\15841.jpg
      2⤵
      • Process spawned unexpected child process
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads