Overview

overview

6

Static

static

c837cb372b...d.docx

windows7-x64

6

c837cb372b...d.docx

windows10-2004-x64

6

Analysis

  • max time kernel
    70s
  • max time network
    52s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    13/09/2022, 13:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c837cb372baa763baaf29a4b1d80ae41995ed61ed939aacf87f70ffce18d2cdd.docx

  • Size

    158KB

  • MD5

    5b80481385c2cddd530b31b0c31f2d2a

  • SHA1

    d0ceafd57f455dec7261daeaf82e1bbb55724151

  • SHA256

    c837cb372baa763baaf29a4b1d80ae41995ed61ed939aacf87f70ffce18d2cdd

  • SHA512

    22fef505bb6afaea7e107bb173904ad71cc9757d2c0f08f1cb9238a0704c9760c7768ccf6acbf8cc0f23219e0243b12c3a70c6d6bcae8026111737c48f74b2ea

  • SSDEEP

    3072:XVdn5xhOYGyTTaQoZEAJKHHoXMMCeLuPC9h/dHHmP+iDFjS8NMu8aIuEQh+:XVrvaQoJeIXMmuPCLd1+jL8FQE

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\c837cb372baa763baaf29a4b1d80ae41995ed61ed939aacf87f70ffce18d2cdd.docx"
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1328
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:884

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/884-60-0x000007FEFBC31000-0x000007FEFBC33000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1328-54-0x0000000072721000-0x0000000072724000-memory.dmp

            Filesize

            12KB

            Download

          • memory/1328-55-0x00000000701A1000-0x00000000701A3000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1328-56-0x000000005FFF0000-0x0000000060000000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1328-57-0x000000007118D000-0x0000000071198000-memory.dmp

            Filesize

            44KB

            Download

          • memory/1328-58-0x0000000075FE1000-0x0000000075FE3000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1328-61-0x000000007118D000-0x0000000071198000-memory.dmp

            Filesize

            44KB

            Download