Analysis
-
max time kernel
71s -
max time network
17s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
20-11-2020 18:34
General
-
Target
poste me.docx
-
Size
234KB
-
MD5
a52f50ea65ed44d306023f600f4632ab
-
SHA1
4546852d349aee3008aa8585f3bbe9c341a26d89
-
SHA256
51d630d812b5192e12e69f5bd4334cf1ed840ce8c659e403e30790d16ff86497
-
SHA512
942b4839ffcf40555834766a21f53839f2e78dbb6aa82b6d7c84356a813ed0922ed9466e5c968c49ad205a94a25c73398c9ddebfafc732b4fb5f41d17e53c1e4
Score
4/10
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
-
Office loads VBA resources, possible macro or embedded object present
-
Modifies Internet Explorer settings 1 TTPs 9 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\poste me.docx"1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122882⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1336-0-0x0000000000000000-mapping.dmp