2d845bd6662e7449f4db7a922e67c665df70cd045af48e2cb3d689a5d0004b2f

Analysis

max time kernel
71s
max time network
22s
platform
windows7_x64
resource
win7v20201028
submitted
25-02-2021 00:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d845bd6662e7449f4db7a922e67c665df70cd045af48e2cb3d689a5d0004b2f.bin.doc
Size

24KB
MD5

c5354a491815c511ca8f786a0824ccc7
SHA1

acf9251708fa91ee605d2a03bf39457f16cecb3d
SHA256

2d845bd6662e7449f4db7a922e67c665df70cd045af48e2cb3d689a5d0004b2f
SHA512

06a6c32cc8b37c0d965365dd18344556b10cc8f736d1a40b4ca45aaa26bf8164bba72dfeba4057ba208cb6da8f5f486b4fd2b0744d558bbee8643e718ff4ea30

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

Processes:

WINWORD.EXE

description ioc process

File opened for modification C:\Windows\Debug\WIA\wiatrace.log WINWORD.EXE
Office loads VBA resources, possible macro or embedded object present

description	ioc	process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	WINWORD.EXE

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

Processes:

WINWORD.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Toolbar	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\MenuExt	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

WINWORD.EXE

pid process

1856 WINWORD.EXE
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

WINWORD.EXE

pid process

1856 WINWORD.EXE
1856 WINWORD.EXE

pid	process
1856	WINWORD.EXE

pid	process
1856	WINWORD.EXE
1856	WINWORD.EXE

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\2d845bd6662e7449f4db7a922e67c665df70cd045af48e2cb3d689a5d0004b2f.bin.doc"
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1856

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1856-2-0x0000000072CD1000-0x0000000072CD4000-memory.dmp

Filesize
12KB

Download
memory/1856-3-0x0000000070751000-0x0000000070753000-memory.dmp

Filesize
8KB

Download
memory/1856-4-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/1856-5-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-7-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-9-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-10-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-11-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-12-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-14-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-16-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-18-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-20-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-22-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-24-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-26-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-28-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-30-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-32-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-34-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-36-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-38-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-40-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-42-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-44-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-46-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-48-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-49-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-50-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-51-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-52-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-53-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-55-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-57-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-59-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-61-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-63-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-65-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-67-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-69-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-71-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-73-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-75-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-77-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-79-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-81-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-83-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-85-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-87-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-89-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-91-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-93-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-95-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-97-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-99-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-101-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-103-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-105-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-107-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-109-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-111-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-113-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-115-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-117-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-119-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-121-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-123-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-125-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-127-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-129-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-131-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-133-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-135-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-137-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-139-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-141-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-143-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-145-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-147-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-149-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-151-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-153-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-155-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-157-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-159-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-161-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-163-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-165-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-167-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-169-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-171-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-173-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-175-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-177-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-179-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-181-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-183-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1856-185-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download