Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20220715-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220715-en, locale:en-us, os:windows7-x64, system
  • submitted
    29-07-2022 00:59

General

  • Target

    AccountInfo.docx

  • Size

    3KB

  • MD5

    7543a106d7ce43878d6a548afca5e110

  • SHA1

    67d6285e8d112e38aede3d1babf357ad398be912

  • SHA256

    290be06f5f8b8f7028b9cac7235dbdab98176a8a0a6fa979af71a221fb095663

  • SHA512

    257db1c1658be2af7f2c46cf6e61e848e4f100a34877363c79ac86123fe3f845074387c7d4bc5f47bfb319b450bdcb6b447391fd9770b076a0579830c07aed9d

Score
5/10

Malware Config

Signatures

  • Detected potential entity reuse from brand microsoft.
  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 57 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of FindShellTrayWindow 11 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
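The target is a 3 KB .docx, and the Processes section shows WINWORD.EXE handing iexplore.exe an Azure AD OAuth2 authorize URL. In an OOXML package a clickable link is stored as an External relationship in word/_rels/document.xml.rels (and in the .rels of headers, footers and comments), so the first thing to pull from such a sample is that relationship list, then decompose the authorize request to see which app asks for what and where the code and id_token would be posted. The script below is an added example for this report, not Triage's code: the .docx it parses is a constructed stand-in for AccountInfo.docx carrying the URL from the process tree (the original file is not on the page), and TRUSTED_REDIRECT_HOSTS is an assumed allowlist. For the URL in this report the redirect_uri is https://security.microsoft.com/, so the check reports the redirect host as trusted; the same code flags a lure whose redirect_uri points anywhere else.

```python
"""Extract external hyperlinks from a .docx and decompose an OAuth2 authorize URL.

Added example for this report, not Triage's code. build_sample_docx() constructs a
minimal stand-in for AccountInfo.docx; the URL is the one in the report's process tree.
"""
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlsplit
from xml.sax.saxutils import quoteattr

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
HYPERLINK_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink"

# Assumption: redirect hosts an analyst accepts for a Microsoft identity flow (tune per tenant).
TRUSTED_REDIRECT_HOSTS = frozenset({"security.microsoft.com", "portal.azure.com"})

# URL from the report's process tree, split across lines only for readability.
REPORT_URL = (
    "https://login.microsoftonline.com/common/oauth2/authorize?"
    "client_id=80ccca67-54bd-44ab-8625-4b79c4dc7775"
    "&response_type=code%20id_token&scope=openid%20profile"
    "&state=OpenIdConnect.AuthenticationProperties%3DLiaUAhkxAzVOPxmqk0JjJTMeEAVQIo_fYpW5r4jgMf756TR1GM9MVYrOFyVB8mLc17gOTrYRQBuEEGJ-wYze2i_7GGS2YMqaQfaXxHdjdAjBnNTb8GpBHcnnbqdfX2Op21snr-HCNjxUiwQ6XmfpMkBupwkE0wR59Zm2f8w2j4jvBSI88sKNW4K_LHjqOq7nn9q83m4lt-jk9fFZ5x5xHrh9OCaLo1n_7lOUsl7jJxFOl1viFpBVOYyK4M4jYMburDXKh9W7ASk9iurlN-xUSvtdmOID0rqqlE8ulNsg7kFvRMPi_9FyWby_D2bYo--vpaLEcOn09Y_hhKU_aA3Y_A"
    "&response_mode=form_post"
    "&nonce=637946533022931358.ZmNkYzU1MjMtOTBmMC00MTdmLTlkNjgtYjBjYjI2YmY2NTlhNWIyOWQ1NTMtZGM5Ni00MGI3LWE2ZTYtZjJmOTNiMzdlN2M3"
    "&client-request-id=92d8386b-a4af-4a19-b066-b5ad7f115287"
    "&redirect_uri=https%3A%2F%2Fsecurity.microsoft.com%2F"
    "&x-client-SKU=ID_NET461&x-client-ver=6.16.0.0"
)


def build_sample_docx(url: str) -> bytes:
    """Construct (in memory) a minimal OOXML package whose body is one external hyperlink.
    Constructed sample input, not the file from the report."""
    content_types = (
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
        '<Default Extension="xml" ContentType="application/xml"/>'
        '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
        "</Types>"
    )
    root_rels = (
        f'<Relationships xmlns="{RELS_NS}"><Relationship Id="rId1" '
        'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" '
        'Target="word/document.xml"/></Relationships>'
    )
    document = (
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
        'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
        '<w:body><w:p><w:hyperlink r:id="rId1"><w:r><w:t>Review your account</w:t></w:r>'
        "</w:hyperlink></w:p></w:body></w:document>"
    )
    # The link target lives in the part's .rels, not in document.xml; quoteattr escapes the '&'s.
    doc_rels = (
        f'<Relationships xmlns="{RELS_NS}"><Relationship Id="rId1" Type="{HYPERLINK_REL}" '
        f'Target={quoteattr(url)} TargetMode="External"/></Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("_rels/.rels", root_rels)
        zf.writestr("word/document.xml", document)
        zf.writestr("word/_rels/document.xml.rels", doc_rels)
    return buf.getvalue()


def extract_external_links(docx_bytes: bytes) -> list:
    """Return every hyperlink Target marked TargetMode="External" in any .rels part."""
    targets = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                if rel.get("TargetMode") == "External" and rel.get("Type") == HYPERLINK_REL:
                    targets.append(rel.get("Target"))
    return targets


def has_vba_project(docx_bytes: bytes) -> bool:
    """True if the package carries a VBA project part, whatever the file extension claims."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())


def analyze_authorize_url(url: str) -> dict:
    """Decompose an OAuth2/OIDC authorize request and check where the response would go."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}  # parse_qs percent-decodes values
    redirect_host = (urlsplit(q.get("redirect_uri", "")).hostname or "").lower()
    return {
        "is_aad_authorize": parts.hostname == "login.microsoftonline.com"
        and parts.path.endswith("/oauth2/authorize"),
        "client_id": q.get("client_id"),
        "response_type": q.get("response_type"),
        "response_mode": q.get("response_mode"),
        "scope": q.get("scope"),
        "redirect_host": redirect_host,
        "redirect_host_trusted": redirect_host in TRUSTED_REDIRECT_HOSTS,
    }


if __name__ == "__main__":
    sample = build_sample_docx(REPORT_URL)
    print("vbaProject.bin present:", has_vba_project(sample))
    for link in extract_external_links(sample):
        print(analyze_authorize_url(link))
```

Run it against a real sample by replacing the constructed bytes with `open("AccountInfo.docx", "rb").read()`; nothing is executed from the document, only the zip entries are read. Anything other than an External hyperlink relationship that reaches a URL (an oleObject or an externalData relationship, for instance) would not show up here and needs its own pass over the relationship types.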

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\AccountInfo.docx"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:788
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:1980
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://login.microsoftonline.com/common/oauth2/authorize?client_id=80ccca67-54bd-44ab-8625-4b79c4dc7775&response_type=code%20id_token&scope=openid%20profile&state=OpenIdConnect.AuthenticationProperties%3DLiaUAhkxAzVOPxmqk0JjJTMeEAVQIo_fYpW5r4jgMf756TR1GM9MVYrOFyVB8mLc17gOTrYRQBuEEGJ-wYze2i_7GGS2YMqaQfaXxHdjdAjBnNTb8GpBHcnnbqdfX2Op21snr-HCNjxUiwQ6XmfpMkBupwkE0wR59Zm2f8w2j4jvBSI88sKNW4K_LHjqOq7nn9q83m4lt-jk9fFZ5x5xHrh9OCaLo1n_7lOUsl7jJxFOl1viFpBVOYyK4M4jYMburDXKh9W7ASk9iurlN-xUSvtdmOID0rqqlE8ulNsg7kFvRMPi_9FyWby_D2bYo--vpaLEcOn09Y_hhKU_aA3Y_A&response_mode=form_post&nonce=637946533022931358.ZmNkYzU1MjMtOTBmMC00MTdmLTlkNjgtYjBjYjI2YmY2NTlhNWIyOWQ1NTMtZGM5Ni00MGI3LWE2ZTYtZjJmOTNiMzdlN2M3&client-request-id=92d8386b-a4af-4a19-b066-b5ad7f115287&redirect_uri=https%3A%2F%2Fsecurity.microsoft.com%2F&x-client-SKU=ID_NET461&x-client-ver=6.16.0.0
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1696
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1696 CREDAT:275457 /prefetch:2
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:276
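Of the three children in this tree, splwow64.exe is the print-driver host Office starts on its own and the nested IEXPLORE.EXE is Internet Explorer's own tab process; the event worth a detection is WINWORD.EXE (PID 788) starting iexplore.exe (PID 1696) with a URL on its command line. The rule below is an added example, not Triage's detection logic: it walks process-creation events, pairs each child with its parent by PID, and flags an Office image launching a browser image, extracting the URL from the command line. The events are constructed from this report's process tree (PIDs, images and command lines as listed; the authorize URL shortened to its identifying parameters, and explorer.exe as an assumed parent for WINWORD).

```python
"""Detection over process-creation events: an Office app starting a browser with a URL.

Added example for this report, not Triage's detection logic. SAMPLE_EVENTS is
constructed from the report's process tree; the URL is abbreviated.
"""
import re
from urllib.parse import urlsplit

OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
BROWSER_IMAGES = {"iexplore.exe", "msedge.exe", "chrome.exe", "firefox.exe"}
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

# (pid, ppid, image, command line). PID 1234 (explorer.exe) is an assumed parent.
SAMPLE_EVENTS = [
    (788, 1234, r"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE",
     r'"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\AccountInfo.docx"'),
    (1980, 788, r"C:\Windows\splwow64.exe", r"C:\Windows\splwow64.exe 12288"),
    (1696, 788, r"C:\Program Files\Internet Explorer\iexplore.exe",
     r'"C:\Program Files\Internet Explorer\iexplore.exe" https://login.microsoftonline.com/common/oauth2/authorize?client_id=80ccca67-54bd-44ab-8625-4b79c4dc7775&redirect_uri=https%3A%2F%2Fsecurity.microsoft.com%2F'),
    (276, 1696, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1696 CREDAT:275457 /prefetch:2'),
]


def basename(image: str) -> str:
    """Lower-cased file name of a Windows image path."""
    return image.rsplit("\\", 1)[-1].lower()


def find_office_browser_launches(events) -> list:
    """Return one hit per browser process whose direct parent is an Office application."""
    by_pid = {pid: (pid, ppid, image, cmd) for pid, ppid, image, cmd in events}
    hits = []
    for pid, ppid, image, cmd in events:
        parent = by_pid.get(ppid)
        if parent is None or basename(parent[2]) not in OFFICE_IMAGES:
            continue  # not an Office child: the nested IEXPLORE.EXE is a child of iexplore.exe
        if basename(image) not in BROWSER_IMAGES:
            continue  # e.g. splwow64.exe, which Office starts for 32-bit printing
        match = URL_RE.search(cmd)
        url = match.group(0) if match else None
        hits.append({
            "parent_pid": parent[0],
            "parent_image": basename(parent[2]),
            "child_pid": pid,
            "child_image": basename(image),
            "url": url,
            "url_host": urlsplit(url).hostname if url else None,
        })
    return hits


if __name__ == "__main__":
    for hit in find_office_browser_launches(SAMPLE_EVENTS):
        print(hit)
```

A browser child with no URL on its command line still produces a hit (url None), since a document can also launch a browser via a shell verb; whether to keep those depends on how noisy Office-to-browser launches are in the environment being monitored.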

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    • Defense Evasion (1): Modify Registry, T1112


    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      471B

      MD5

      8312a8c55924acb498eb2065064abef0

      SHA1

      e84267dde9a9d636fc6664d8365e3e84ee7f461b

      SHA256

      7f40f9173e52d85b711c82733e5eea69cb6acd1c374637ffa20d35a34926d521

      SHA512

      2e36148608ff656f063c50a0cefd1b955d581bff45e67fa3981da01023108a7e7a9bbc6253c4f48cbfffed45bb70a31bcdd8ec7e63539fc396f42f5588d36fc3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      434B

      MD5

      4bfe267ee0f53dfc067489ae7396c33a

      SHA1

      2504d3c8f1c7a9945255da5a01ffb1e5e1945b02

      SHA256

      3430a47f6a9f2e913afd80b219a85213c6de131abde38b5c8fc6d73d01ade99d

      SHA512

      965b43dea8434763d101a254ceb38d480dffdb53b0ee728700a0df46352fdece7a9173a273659b2d74b4cd80af653685fa9fcc9804604495b7bda97b2a4e9ef2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      340B

      MD5

      4a9657573095f20807fd63dd4014bea7

      SHA1

      070a62278fef572b47acd60497a002b206cf3464

      SHA256

      a43e63e0ebf7d70e586fe2dbd944f20fa183cc258ab8ba4de0d199889651db6e

      SHA512

      49f56af960a58a48979cb77db27176a7b8769c179945e41f266df6f731f0414ac534b66c6558eb0c2639baaca3225a71c5b458b2ba5e3e3f2cc0e8e342438f52

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\lvx0ibj\imagestore.dat
      Filesize

      22KB

      MD5

      dcf79f347740f4e44d038984481286a2

      SHA1

      26bb709dc626de0049ab3409a30f17744b363872

      SHA256

      9d3637ce3ad037efb31e550ae61b827816184ba81b22312b96cc1add1eace4ce

      SHA512

      e3b14225fb9af2e05614ee7886d92d4744f4ec976c6a58360132c0eebb089029dc81d2c4b524db144fc4062e15c93ad8dc3ef3c91ee705a59373d1a99eb8b83e

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\2UZ9QDGR.txt
      Filesize

      399B

      MD5

      d79da901e39a35c35f9620185e2881bc

      SHA1

      79b619173ccd6d5fb98aad5e543590cf3a28d8a1

      SHA256

      7ef76e9db809ca4e9bae4f1db0e2d34a9b69299acc5555dcfe74de1daddd10c6

      SHA512

      a85a5cff2b08585bcc0a8e2972492e6d73c9dc22e380295b008c09dc4c729cfd9f93a23b028ee8edd1ed7447d1754f1da9908c2788cacffc2b92d7af50466e4d

    • memory/788-57-0x0000000076601000-0x0000000076603000-memory.dmp
      Filesize

      8KB

    • memory/788-59-0x000000007161D000-0x0000000071628000-memory.dmp
      Filesize

      44KB

    • memory/788-58-0x000000007161D000-0x0000000071628000-memory.dmp
      Filesize

      44KB

    • memory/788-54-0x0000000072BB1000-0x0000000072BB4000-memory.dmp
      Filesize

      12KB

    • memory/788-56-0x000000005FFF0000-0x0000000060000000-memory.dmp
      Filesize

      64KB

    • memory/788-55-0x0000000070631000-0x0000000070633000-memory.dmp
      Filesize

      8KB

    • memory/1980-60-0x0000000000000000-mapping.dmp
    • memory/1980-61-0x000007FEFC011000-0x000007FEFC013000-memory.dmp
      Filesize

      8KB