Analysis

  • max time kernel
    60s
  • max time network
    9s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    09-03-2021 10:05

General

  • Target

    sample.ppt

  • Size

    224KB

  • MD5

    887fae5b37ce87fa027dfcc8ceea77d4

  • SHA1

    4483e5d6307f0e6e9f6193afba280d1d43d7b271

  • SHA256

    0fddb5b02497d530f81a3904594febfe7e8d39240639a54360b596e531cd91aa

  • SHA512

    910053abe92868e581dc0857db7fc1fefd9331cd3487404b5373a9513ad4b0bffd203d686baf26e01f14451f13254f77d4ca5ad1db3b04fb9e74f800a0388422

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE" "C:\Users\Admin\AppData\Local\Temp\sample.ppt"
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of WriteProcessMemory
    PID:1932
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:1384

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Defense Evasion

    Modify Registry

    1
    T1112

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1384-5-0x0000000000000000-mapping.dmp
    • memory/1384-6-0x000007FEFB541000-0x000007FEFB543000-memory.dmp
      Filesize

      8KB

    • memory/1932-2-0x0000000073BA1000-0x0000000073BA5000-memory.dmp
      Filesize

      16KB

    • memory/1932-3-0x0000000070BA1000-0x0000000070BA3000-memory.dmp
      Filesize

      8KB

    • memory/1932-4-0x000000005FFF0000-0x0000000060000000-memory.dmp
      Filesize

      64KB

    • memory/1932-7-0x0000000001E40000-0x0000000001E41000-memory.dmp
      Filesize

      4KB