Analysis
-
max time kernel
111s -
max time network
117s -
platform
windows7_x64 -
resource
win7 -
submitted
11-07-2020 07:23
General
-
Target
certificato_07.08.2020.doc
-
Size
134KB
-
MD5
212e1d537b4335f22f19efd8255f0e45
-
SHA1
a399e390cc926727ee79eff1893ca317ca379cbd
-
SHA256
dcfb8f77847d724370d6688b004e2dc005ca02fc1c9f5665896d43f546174620
-
SHA512
7824d67e4c09cff9157db5eeaa8309da3c38941fac5e191d4f27ce618bf4280929576251ee46617c3966e7875cc1ff13366f18198e34a787cb02a172f8b4945d
Score
10/10
Malware Config
Signatures
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of SetWindowsHookEx 16 IoCs
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of WriteProcessMemory 5 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Office loads VBA resources, possible macro or embedded object present
Processes
-
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\certificato_07.08.2020.doc"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\regsvr32.exeregsvr32 c:\programdata\15841.jpg2⤵
- Process spawned unexpected child process
- Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
\??\c:\programdata\15841.jpg
-
memory/1076-6-0x0000000000000000-mapping.dmp
