Analysis
max time kernel: 150s
max time network: 123s
platform: windows7_x64
resource: win7-en-20211208
submitted: 01-02-2022 05:01
Behavioral task: behavioral1
Sample: 9497ab22b6d165847ec059d354a69792600dcd41090e7f652a630f901add7040.doc
Resource: win7-en-20211208 (windows7_x64)
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: 9497ab22b6d165847ec059d354a69792600dcd41090e7f652a630f901add7040.doc
Resource: win10v2004-en-20220113 (windows10-2004_x64)
0 signatures
0 seconds
General
Target: 9497ab22b6d165847ec059d354a69792600dcd41090e7f652a630f901add7040.doc
Size: 377KB
MD5: ee4634fd220397f140a5c7ed5c0ec136
SHA1: a3f08624ea3e4875343e8cd9599057db9ffd6b82
SHA256: 9497ab22b6d165847ec059d354a69792600dcd41090e7f652a630f901add7040
SHA512: daf663b6f6c9ccf86eb77710d48eae55651130f98e34ddb357f6c70ea477a33fc14db34266d1d914b1c4df82b6e309a701d4e3a9f4a4c563a47ccefeb7ea7dd3
Score: 1/10
Malware Config
Signatures
Processes: WINWORD.EXE

| description | ioc | process |
| --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" | WINWORD.EXE |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55" | WINWORD.EXE |
| Key created | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel | WINWORD.EXE |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" | WINWORD.EXE |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" | WINWORD.EXE |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" | WINWORD.EXE |
| Key created | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\MenuExt | WINWORD.EXE |
| Key created | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote | WINWORD.EXE |
| Key created | \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\Toolbar | WINWORD.EXE |
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes: WINWORD.EXE

| pid | process |
| --- | --- |
| 1476 | WINWORD.EXE |
Suspicious use of SetWindowsHookEx 21 IoCs
Processes: WINWORD.EXE

| pid | process |
| --- | --- |
| 1476 | WINWORD.EXE |

(the same row is listed for each of the 21 IoCs)
Processes
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\9497ab22b6d165847ec059d354a69792600dcd41090e7f652a630f901add7040.doc"
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1476