Analysis
-
max time kernel
67s -
max time network
43s -
platform
windows7_x64 -
resource
win7v200722 -
submitted
31-07-2020 13:23
General
-
Target
SP0728.rtf
-
Size
1.6MB
-
MD5
e5b15619b70d6e96af783327dc79eda7
-
SHA1
a30a260cb9c9d3193dc71d580d09656dd5c0f4e1
-
SHA256
7609034e7473869b3a5767f9543b6067998f4db68e3ba26966c115535337337f
-
SHA512
f560fa4d1e3c0d9a1075b82972226682971d942c6db824772cfcd29c1c3baf4aac7e2cbea9f479c1aecf00162a6b01f98ab6aecbcd58deaffa26f9bcc68b954a
Score
7/10
Malware Config
Signatures
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Loads dropped DLL 1 IoCs
-
Launches Equation Editor 1 TTPs 1 IoCs
Equation Editor is an old Office component often targeted by exploits such as CVE-2017-11882.
Processes
-
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\SP0728.rtf"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding1⤵
- Loads dropped DLL
- Launches Equation Editor
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\muka.dll
-
C:\Users\Admin\AppData\Local\Temp\scmv
-
\Users\Admin\AppData\Local\Temp\muka.dll
-
memory/1060-0-0x00000000025F0000-0x00000000025F4000-memory.dmpFilesize
16KB