105011fc6a1daea55f9b2fad420e1f0df7d95f17dd8e838613f27efdc22fef9b | Triage

Analysis

max time kernel
149s
max time network
76s
platform
windows7_x64
resource
win7v200430
submitted
11-07-2020 07:24

Sharing

Report Analysis Logs

General

Target

dettagli_07.08.20.doc
Size

134KB
MD5

cc8a00a497aa20cfe432314231f81b30
SHA1

2e63100085cc0accb27c88cdee0425e6ec1d5b1b
SHA256

105011fc6a1daea55f9b2fad420e1f0df7d95f17dd8e838613f27efdc22fef9b
SHA512

c2c2dfb92c8e2236b110e4d14c8ba1cfde00e59c23b51945d259d4d2382b5770e608b5e6d7448f7328b6df9a99c1a003ff3f244a21f18deed6515fa1f81c1336

Score

1^/10

Malware Config

Signatures

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

WINWORD.EXE

pid process

1296 WINWORD.EXE

Suspicious use of SetWindowsHookEx 16 IoCs

Processes:

WINWORD.EXE

pid	process
1296	WINWORD.EXE
1296	WINWORD.EXE
1296	WINWORD.EXE
1296	WINWORD.EXE
1296	WINWORD.EXE
1296	WINWORD.EXE
1296	WINWORD.EXE
1296	WINWORD.EXE
1296	WINWORD.EXE
1296	WINWORD.EXE
1296	WINWORD.EXE
1296	WINWORD.EXE
1296	WINWORD.EXE
1296	WINWORD.EXE
1296	WINWORD.EXE
1296	WINWORD.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

WINWORD.EXE

pid process

1296 WINWORD.EXE
Office loads VBA resources, possible macro or embedded object present

C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\dettagli_07.08.20.doc"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: GetForegroundWindowSpam
PID:1296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...