Analysis

  • max time kernel
    133s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    30-04-2021 16:02

General

  • Target

    e9251e1f_by_Libranalysis.doc

  • Size

    10KB

  • MD5

    e9251e1f304381e9bfcd08dbfd576ce5

  • SHA1

    dcee651dbfb6f9154a3b4170a65d88c9905fa031

  • SHA256

    2af39f18d2425772d604b14a66fa078ba7b2e7c1b252d9b9d6700f50023f72d2

  • SHA512

    a0bbe31458b3043258a0383045ca00bdc34ff217c01ffdc2159d80b5755f72d5967e7d79f386d89bc766f222194dc52cef8021b42aad9b8443ff50296cad5a0f

Score
7/10

Malware Config

Signatures

  • Abuses OpenXML format to download file from external location 2 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\e9251e1f_by_Libranalysis.doc"
    1⤵
    • Abuses OpenXML format to download file from external location
    • Modifies Internet Explorer settings
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:684

Network

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/684-60-0x00000000724F1000-0x00000000724F4000-memory.dmp
    Filesize

    12KB

  • memory/684-61-0x000000006FF71000-0x000000006FF73000-memory.dmp
    Filesize

    8KB

  • memory/684-62-0x000000005FFF0000-0x0000000060000000-memory.dmp
    Filesize

    64KB