bac63e40c39f30d650336240dedf0c2d0b555969c83c1fe038466600dc667ebd | Triage

Analysis

max time kernel
114s
max time network
119s
platform
windows7_x64
resource
win7
submitted
11/07/2020, 07:37 UTC

Sharing

Report Analysis Logs

General

Target

bac63e40c39f30d650336240dedf0c2d0b555969c83c1fe038466600dc667ebd.doc
Size

245KB
MD5

25507b6c0ce21c0d12c727acb8dc0ef2
SHA1

6f7d5a70d77c2e79a5b526c42bf299f43c21898d
SHA256

bac63e40c39f30d650336240dedf0c2d0b555969c83c1fe038466600dc667ebd
SHA512

76a6e6820d852cb32b2cf3cf064ff370a4b917734d06b21b3a493d9afc8799a8f531b35bd7069b6cfde342b564d886be2656df10ecdc9433629e373d00ccce04

Score

1^/10

Malware Config

Signatures

Office loads VBA resources, possible macro or embedded object present

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1460	WINWORD.EXE

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1460	WINWORD.EXE
1460	WINWORD.EXE
1460	WINWORD.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1460	WINWORD.EXE

C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\bac63e40c39f30d650336240dedf0c2d0b555969c83c1fe038466600dc667ebd.doc"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: GetForegroundWindowSpam
PID:1460

Network

No results found

192.3.140.203:80

WINWORD.EXE

152 B
120 B
3
3
192.3.140.203:80

WINWORD.EXE

152 B
120 B
3
3

10.7.0.255:138

netbios-dgm

1.3kB
6
224.0.0.252:5355

100 B
2
10.7.0.255:137

netbios-ns

234 B
3
239.255.255.250:1900

966 B
6
239.255.255.250:1900

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads