Analysis
max time kernel: 149s
max time network: 76s
platform: windows7_x64
resource: win7v200430
submitted: 11-07-2020 07:24
Static task: static1
Behavioral task: behavioral1
Sample: dettagli_07.08.20.doc
Resource: win7v200430, windows7_x64
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: dettagli_07.08.20.doc
Resource: win10, windows10_x64
0 signatures
0 seconds
General
Target: dettagli_07.08.20.doc
Size: 134KB
MD5: cc8a00a497aa20cfe432314231f81b30
SHA1: 2e63100085cc0accb27c88cdee0425e6ec1d5b1b
SHA256: 105011fc6a1daea55f9b2fad420e1f0df7d95f17dd8e838613f27efdc22fef9b
SHA512: c2c2dfb92c8e2236b110e4d14c8ba1cfde00e59c23b51945d259d4d2382b5770e608b5e6d7448f7328b6df9a99c1a003ff3f244a21f18deed6515fa1f81c1336
Score: 1/10
Malware Config
Signatures
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes: pid 1296, process WINWORD.EXE
Suspicious use of SetWindowsHookEx 16 IoCs
Processes: pid 1296, process WINWORD.EXE
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes: pid 1296, process WINWORD.EXE
Office loads VBA resources, possible macro or embedded object present
Processes
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\dettagli_07.08.20.doc"
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: GetForegroundWindowSpam