Analysis
-
max time kernel
112s -
max time network
117s -
platform
windows7_x64 -
resource
win7 -
submitted
17/07/2020, 05:42
General
-
Target
313153794cb2d8fba9ca9ee6facab812f5150df9214b611f2d286add9d6a4556.doc
-
Size
14KB
-
MD5
3725d86ec57e6b6c881a650376c5f109
-
SHA1
7875ce1aa6c9c877419db6c259fc220443e5d17e
-
SHA256
313153794cb2d8fba9ca9ee6facab812f5150df9214b611f2d286add9d6a4556
-
SHA512
a6e5a6da02f80a57a99a80644af32438f3177cf9dd506263620500ef90ca23f17e237da0a6e0eb612af25edaccee054e566311d23dbc6f6e6a17c7b11f29584b
Score
8/10
Malware Config
Signatures
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Blacklisted process makes network request 1 IoCs
-
Launches Equation Editor 1 TTPs 1 IoCs
Equation Editor is an old Office component often targeted by exploits such as CVE-2017-11882.
Processes
-
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\313153794cb2d8fba9ca9ee6facab812f5150df9214b611f2d286add9d6a4556.doc"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding1⤵
- Blacklisted process makes network request
- Launches Equation Editor