Overview

overview

7

Static

static

doc_client.docm

windows7-x64

7

doc_client.docm

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27/10/2022, 21:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    doc_client.docm

  • Size

    36KB

  • MD5

    df1e61a53d208ffbd92e46690b416e19

  • SHA1

    69edca5257e6f3712421db765065b1cf519a3687

  • SHA256

    0ae1e456ec42a4682befb2e277832d9e2ad17966b186c801d65c0e2f41f93456

  • SHA512

    a2e92dd7b0c6882115313d376b47872277e5c8fe9feb9373b19b8faaecd2496151bc886fdaaf4421da9906f6cfff49762155eecad171eac1a8829ffd4e535d5c

  • SSDEEP

    768:LCCJBjbihmCDL4gIdxgas+vDbmWf/h/KOUfrO:LCCz0mCDL6swDbh3h/KLS

Score
7/10

Malware Config

Signatures

  • Abuses OpenXML format to download file from external location 2 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
    adwarespyware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\doc_client.docm"
    1⤵
    • Abuses OpenXML format to download file from external location
    • Modifies Internet Explorer settings
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:864

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/864-54-0x0000000072651000-0x0000000072654000-memory.dmp

    Filesize

    12KB

    Download

  • memory/864-55-0x00000000700D1000-0x00000000700D3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/864-56-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/864-57-0x0000000076321000-0x0000000076323000-memory.dmp

    Filesize

    8KB

    Download

  • memory/864-58-0x00000000710BD000-0x00000000710C8000-memory.dmp

    Filesize

    44KB

    Download