Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
23-11-2020 11:54
Static task
static1
Behavioral task
behavioral1
Sample
rep_37740235757282600901387.doc
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
-
Target
rep_37740235757282600901387.doc
-
Size
175KB
-
MD5
5c879823a2a6ee415f4c773d55a0d680
-
SHA1
280168469b69cb8b0d8cba43378d72fa9b33a146
-
SHA256
fd63dec89395fb5024155fdfa24256fc31add9f974f2870e11fef458790d425f
-
SHA512
0e57ad0252433edcdbe98154b0e0c827d15f6147d9d623371d03072b89fdec74dc14d7b8292ce4de04cb8bd0b32f982c68c49815551ea7fbc0253b7b62b4e822
Score
1/10
Malware Config
Signatures
-
Office loads VBA resources, possible macro or embedded object present
-
Processes:
WINWORD.EXEdescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" WINWORD.EXE Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Toolbar WINWORD.EXE Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" WINWORD.EXE Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\MenuExt WINWORD.EXE Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55" WINWORD.EXE Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote WINWORD.EXE Set value (str) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" WINWORD.EXE Key created \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel WINWORD.EXE Set value (int) \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" WINWORD.EXE -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
WINWORD.EXEpid process 756 WINWORD.EXE -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
WINWORD.EXEpid process 756 WINWORD.EXE -
Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
WINWORD.EXEpid process 756 WINWORD.EXE 756 WINWORD.EXE 756 WINWORD.EXE
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\rep_37740235757282600901387.doc"1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx