Analysis
-
max time kernel
133s -
max time network
141s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
30-04-2021 16:02
General
-
Target
e9251e1f_by_Libranalysis.doc
-
Size
10KB
-
MD5
e9251e1f304381e9bfcd08dbfd576ce5
-
SHA1
dcee651dbfb6f9154a3b4170a65d88c9905fa031
-
SHA256
2af39f18d2425772d604b14a66fa078ba7b2e7c1b252d9b9d6700f50023f72d2
-
SHA512
a0bbe31458b3043258a0383045ca00bdc34ff217c01ffdc2159d80b5755f72d5967e7d79f386d89bc766f222194dc52cef8021b42aad9b8443ff50296cad5a0f
Score
7/10
Malware Config
Signatures
-
Abuses OpenXML format to download file from external location 2 IoCs
-
Office loads VBA resources, possible macro or embedded object present
-
Modifies Internet Explorer settings 1 TTPs 9 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of SetWindowsHookEx 16 IoCs
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\e9251e1f_by_Libranalysis.doc"1⤵
- Abuses OpenXML format to download file from external location
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/684-60-0x00000000724F1000-0x00000000724F4000-memory.dmpFilesize
12KB
-
memory/684-61-0x000000006FF71000-0x000000006FF73000-memory.dmpFilesize
8KB
-
memory/684-62-0x000000005FFF0000-0x0000000060000000-memory.dmpFilesize
64KB