Analysis

  • max time kernel
    69s
  • max time network
    14s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    09-03-2021 10:14

General

  • Target

    info (2).doc

  • Size

    36KB

  • MD5

    fed40d2c7fd54c4bb79af4d7aeed141e

  • SHA1

    ffa20af1ec10ac49e54526205e1b168508b72f77

  • SHA256

    8014c0158f80dd74af4b84df47bd058a8b14ec874b74cdfa765ce592f3db4e85

  • SHA512

    6a8a75818b7dc06d2696819b350f1af0521d5e070d7cc3f3560dbd1f9c68e3dfbb5ca4e9c6cf48959418468d8377fc6d78585a9e152f704fcce09ba0158f54e0

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\info (2).doc"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:372
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:1180
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1776
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1776 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1324

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1


Downloads

  • memory/372-2-0x0000000072881000-0x0000000072884000-memory.dmp
    Filesize: 12KB
  • memory/372-3-0x0000000070301000-0x0000000070303000-memory.dmp
    Filesize: 8KB
  • memory/372-4-0x000000005FFF0000-0x0000000060000000-memory.dmp
    Filesize: 64KB
  • memory/1180-5-0x0000000000000000-mapping.dmp
  • memory/1180-6-0x000007FEFBCD1000-0x000007FEFBCD3000-memory.dmp
    Filesize: 8KB
  • memory/1324-8-0x0000000000000000-mapping.dmp
  • memory/1324-9-0x00000000765E1000-0x00000000765E3000-memory.dmp
    Filesize: 8KB
  • memory/1804-7-0x000007FEF6350000-0x000007FEF65CA000-memory.dmp
    Filesize: 2.5MB