Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    23-11-2020 11:54

General

  • Target

    rep_37740235757282600901387.doc

  • Size

    175KB

  • MD5

    5c879823a2a6ee415f4c773d55a0d680

  • SHA1

    280168469b69cb8b0d8cba43378d72fa9b33a146

  • SHA256

    fd63dec89395fb5024155fdfa24256fc31add9f974f2870e11fef458790d425f

  • SHA512

    0e57ad0252433edcdbe98154b0e0c827d15f6147d9d623371d03072b89fdec74dc14d7b8292ce4de04cb8bd0b32f982c68c49815551ea7fbc0253b7b62b4e822

Score
1/10

Malware Config

Signatures

  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\rep_37740235757282600901387.doc"
    • Modifies Internet Explorer settings
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:756

Network

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112
