Analysis
-
max time kernel
68s -
max time network
23s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
06/02/2022, 21:46
Static task
static1
Behavioral task
behavioral1
Sample
gunky.odp
Resource
win7-en-20211208
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
gunky.odp
Resource
win10v2004-en-20220113
0 signatures
0 seconds
Behavioral task
behavioral3
Sample
trainmen.dll
Resource
win7-en-20211208
0 signatures
0 seconds
General
-
Target
gunky.odp
-
Size
33B
-
MD5
4a455289420e873a304701f64709ee06
-
SHA1
e59ec8c5c26ddf855696b4a730382e70f1a767e5
-
SHA256
00e7fa423d51b6d53f30074503c824e372bd04b03938828c5471012facba9c1e
-
SHA512
4a754e5a0e9002efa4b9275bf9aa276b12e551be199701fa90b29406a31b0b554ed3a390583c27335719612e88eb2a8d3d832a0f3129dfd9832f6afea660b16c
Score
1/10
Malware Config
Signatures
-
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote POWERPNT.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" POWERPNT.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55" POWERPNT.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" POWERPNT.EXE
Key created \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\Toolbar POWERPNT.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" POWERPNT.EXE
Key created \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\MenuExt POWERPNT.EXE
Key created \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel POWERPNT.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" POWERPNT.EXE
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process
1784 POWERPNT.EXE
-
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process
1784 POWERPNT.EXE
1784 POWERPNT.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1784 wrote to memory of 1164 1784 POWERPNT.EXE 27
PID 1784 wrote to memory of 1164 1784 POWERPNT.EXE 27
PID 1784 wrote to memory of 1164 1784 POWERPNT.EXE 27
PID 1784 wrote to memory of 1164 1784 POWERPNT.EXE 27
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE" "C:\Users\Admin\AppData\Local\Temp\gunky.odp"
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1784 -
  C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  PID:1164
-