Overview

overview

6

Static

static

5d7c07035e...8.dotm

windows7_x64

4

5d7c07035e...8.dotm

windows10-2004_x64

6

Analysis

  • max time kernel
    131s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    18-03-2022 10:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5d7c07035e5257a64d546e69112d17d2eab977cca23e225cfcfc8ac59334aa78.dotm

  • Size

    21KB

  • MD5

    da9816b60d9866b1b6d90a8e20e39623

  • SHA1

    685b49e2e1855f4a8b455a5969e4df02f5c75356

  • SHA256

    5d7c07035e5257a64d546e69112d17d2eab977cca23e225cfcfc8ac59334aa78

  • SHA512

    8a3b8170eae3eb81017696f3fb3485981752cf0520a9d9ff141db08a6b2b262defd440a407e91afd3599fdaca849cba487fe8209b6f001db0cf8469a5e431288

Score
6/10

Malware Config

Signatures

  • Process spawned suspicious child process 1 IoCs

    This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\5d7c07035e5257a64d546e69112d17d2eab977cca23e225cfcfc8ac59334aa78.dotm" /o ""
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1852
    • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE
      "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE" -x -s 3788
      2⤵
      • Process spawned suspicious child process
      • Suspicious use of WriteProcessMemory
      PID:4600
      • C:\Windows\system32\dwwin.exe
        C:\Windows\system32\dwwin.exe -x -s 3788
        3⤵
        • Checks processor information in registry
        • Enumerates system info in registry
        PID:4644

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1852-130-0x00007FFE472D0000-0x00007FFE472E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1852-131-0x00007FFE472D0000-0x00007FFE472E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1852-132-0x00007FFE472D0000-0x00007FFE472E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1852-133-0x00007FFE472D0000-0x00007FFE472E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1852-134-0x00007FFE472D0000-0x00007FFE472E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1852-135-0x00007FFE87250000-0x00007FFE87445000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1852-136-0x00007FFE87250000-0x00007FFE87445000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1852-137-0x00007FFE87250000-0x00007FFE87445000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1852-138-0x00007FFE87250000-0x00007FFE87445000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1852-139-0x00007FFE87250000-0x00007FFE87445000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1852-140-0x00007FFE87250000-0x00007FFE87445000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1852-141-0x00007FFE87250000-0x00007FFE87445000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1852-142-0x00007FFE87250000-0x00007FFE87445000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1852-143-0x00007FFE87250000-0x00007FFE87445000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1852-145-0x00007FFE87250000-0x00007FFE87445000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1852-144-0x00007FFE87250000-0x00007FFE87445000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1852-146-0x00007FFE87250000-0x00007FFE87445000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1852-147-0x00007FFE87250000-0x00007FFE87445000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1852-148-0x00007FFE87250000-0x00007FFE87445000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1852-149-0x00007FFE87250000-0x00007FFE87445000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1852-150-0x00007FFE87250000-0x00007FFE87445000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1852-151-0x00007FFE87250000-0x00007FFE87445000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1852-157-0x00000288F95DF000-0x00000288F95E0000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1852-158-0x00000288F953E000-0x00000288F953F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4600-159-0x00007FFE87250000-0x00007FFE87445000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4600-160-0x00007FFE472D0000-0x00007FFE472E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4600-161-0x00007FFE472D0000-0x00007FFE472E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4600-162-0x00007FFE472D0000-0x00007FFE472E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4600-163-0x00007FFE472D0000-0x00007FFE472E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4600-164-0x00007FFE87250000-0x00007FFE87445000-memory.dmp

    Filesize

    2.0MB

    Download