Resubmissions
04-12-2020 23:26
201204-em2p576lje 404-12-2020 23:21
201204-djhepqlp7s 704-12-2020 23:16
201204-np79pl4zy2 7Analysis
-
max time kernel
93s -
max time network
93s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
04-12-2020 23:26
General
-
Target
view page source hybrid.rtf
-
Size
46KB
-
MD5
4dfa2438ea66e13ccd84afca3c410be4
-
SHA1
9e131830c70fe743b0625637fa407cad525811f5
-
SHA256
187441262398983e2bf4672e06325e247537e083f9dcf384762858307cc5c8df
-
SHA512
218ce0bdbf2011864ea3d7b6b733ceadb8c4f93c180fca371c0fb79b8514843dff30c54b483d17e5b9c3743f347e5761ee3fae3d1c8a0d1e5b18cc76fcff277c
Score
4/10
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
-
Office loads VBA resources, possible macro or embedded object present
-
Modifies Internet Explorer settings 1 TTPs 9 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\view page source hybrid.rtf"1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122882⤵
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1976-2-0x0000000000000000-mapping.dmp