Overview

overview

10

Static

static

beyondsear...2.docm

windows7-x64

4

beyondsear...2.docm

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220721-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-08-2022 15:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    beyondsearch,doc,08.11.22.docm

  • Size

    2.2MB

  • MD5

    ab5796d82e0a8467837ced35e6b725b7

  • SHA1

    3e69850c66255bbd093579fdb161a16e64d8a848

  • SHA256

    500b85d4e573f6e14e96c0a06e2d8fe15572c0eb97e3cc6d204d3416140d8a61

  • SHA512

    20c4a3d667f01eaebe2b201d29ac9939484bf8e72e57cdff5f82c99d1bb04f2bd3a9a488dcd901ff0facc2542e9b7a15df0c0a715de32f6f325bcb6965d76135

Score
10/10

Malware Config

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Program crash 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\beyondsearch,doc,08.11.22.docm" /o ""
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:960
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 960 -s 3900
      2⤵
      • Process spawned unexpected child process
      • Program crash
      PID:3268
  • C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -pss -s 432 -p 960 -ip 960
    1⤵
      PID:2908

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/960-130-0x00007FFCD4B90000-0x00007FFCD4BA0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/960-131-0x00007FFCD4B90000-0x00007FFCD4BA0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/960-132-0x00007FFCD4B90000-0x00007FFCD4BA0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/960-133-0x00007FFCD4B90000-0x00007FFCD4BA0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/960-134-0x00007FFCD4B90000-0x00007FFCD4BA0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/960-135-0x00007FFCD2B30000-0x00007FFCD2B40000-memory.dmp
      Filesize

      64KB

      Download
    • memory/960-136-0x00007FFCD2B30000-0x00007FFCD2B40000-memory.dmp
      Filesize

      64KB

      Download
    • memory/960-137-0x000001D9E77BD000-0x000001D9E79A0000-memory.dmp
      Filesize

      1.9MB

      Download
    • memory/960-138-0x000001D9E6FF0000-0x000001D9E70E6000-memory.dmp
      Filesize

      984KB

      Download
    • memory/960-139-0x000001D9E6FF0000-0x000001D9E70E6000-memory.dmp
      Filesize

      984KB

      Download