Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    01-02-2022 05:01

General

  • Target

    9497ab22b6d165847ec059d354a69792600dcd41090e7f652a630f901add7040.doc

  • Size

    377KB

  • MD5

    ee4634fd220397f140a5c7ed5c0ec136

  • SHA1

    a3f08624ea3e4875343e8cd9599057db9ffd6b82

  • SHA256

    9497ab22b6d165847ec059d354a69792600dcd41090e7f652a630f901add7040

  • SHA512

    daf663b6f6c9ccf86eb77710d48eae55651130f98e34ddb357f6c70ea477a33fc14db34266d1d914b1c4df82b6e309a701d4e3a9f4a4c563a47ccefeb7ea7dd3

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 21 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\9497ab22b6d165847ec059d354a69792600dcd41090e7f652a630f901add7040.doc"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1476

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1476-54-0x0000000072A51000-0x0000000072A54000-memory.dmp

    Filesize

    12KB

  • memory/1476-55-0x00000000704D1000-0x00000000704D3000-memory.dmp

    Filesize

    8KB

  • memory/1476-56-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

  • memory/1476-57-0x00000000758A1000-0x00000000758A3000-memory.dmp

    Filesize

    8KB