ff70cb7fbe9723660b9a8e46ca828b31432be1abcd6fa372f934f0c702cfaeae

Analysis

max time kernel
146s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 02:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

comn701bul.dotm
Size

23KB
MD5

12f938b403dc7d335c21703b67d23f81
SHA1

24a2355e905f6f6328830506077033e789941fa4
SHA256

ff70cb7fbe9723660b9a8e46ca828b31432be1abcd6fa372f934f0c702cfaeae
SHA512

e37f7a0aecfbe4aedd2171f878a232f193643c8870dd1ba5aa3a121c8ad284f4181a3d45ff6a0b1856961699aa7a6795a6694dac803fe83bb7123781fb8c69cf
SSDEEP

384:tmt4EDRI4j9hk9Z2Z5Yt2vE9Ar6Fjle+gq1ei+4Nxt/ZtNNTNKXY1/Ln4Whcjqhm:q4uphhcXAr6Fjle+f7ZxllN/ddOWHg

Score

1^/10

Malware Config

Signatures

Office loads VBA resources, possible macro or embedded object present

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Toolbar	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\MenuExt	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1880	WINWORD.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1880	WINWORD.EXE
1880	WINWORD.EXE
1880	WINWORD.EXE
1880	WINWORD.EXE
1880	WINWORD.EXE
1880	WINWORD.EXE

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\comn701bul.dotm"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1880

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1880-54-0x0000000072831000-0x0000000072834000-memory.dmp

Filesize
12KB

Download
memory/1880-55-0x00000000702B1000-0x00000000702B3000-memory.dmp

Filesize
8KB

Download
memory/1880-56-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/1880-57-0x0000000075D71000-0x0000000075D73000-memory.dmp

Filesize
8KB

Download
memory/1880-58-0x000000007129D000-0x00000000712A8000-memory.dmp

Filesize
44KB

Download
memory/1880-60-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-59-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-61-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-62-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-63-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-64-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-65-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-66-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-67-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-69-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-68-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-70-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-71-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-72-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-74-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-73-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-75-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-76-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-77-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-79-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-78-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-80-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-82-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-81-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-83-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-85-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-84-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-86-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-87-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-88-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-89-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-91-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-90-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-92-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-93-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-95-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-94-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-97-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-96-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-98-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-99-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-100-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-101-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-102-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-105-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-104-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-103-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-106-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-107-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-109-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-108-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-110-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-111-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-113-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-112-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-114-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-115-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-117-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-116-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download
memory/1880-118-0x0000000000524000-0x0000000000528000-memory.dmp

Filesize
16KB

Download