8114dad38b72dda05048e3ed3b4fe06d0d5f9b4f6969ff212f7bed97a80a49d9

Analysis

max time kernel
146s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
28-11-2022 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8114dad38b72dda05048e3ed3b4fe06d0d5f9b4f6969ff212f7bed97a80a49d9.doc
Size

52KB
MD5

0d33fb33f8b7c62cacb865d2c4de31e3
SHA1

d54ea5c8a659bb4dea8032e86544306de6f62081
SHA256

8114dad38b72dda05048e3ed3b4fe06d0d5f9b4f6969ff212f7bed97a80a49d9
SHA512

1d6a6df2dc43abdbd9ef43fa206943ac86ea246ff8d3fb9bb6fbed6ae3e975ff6ce77766084da0175ee663b448cd7742556d04622cf9a940a6f975f0169b449f
SSDEEP

768:laMYgUV1P9K5LXky6lBFLLjdV6PUb3o/L32r:1YgUV1P9K5LXoFLjFb3E

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

Processes:

WINWORD.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Toolbar	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\MenuExt	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

WINWORD.EXE

pid process

1308 WINWORD.EXE

Suspicious use of SetWindowsHookEx 20 IoCs

Processes:

WINWORD.EXE

pid	process
1308	WINWORD.EXE
1308	WINWORD.EXE
1308	WINWORD.EXE
1308	WINWORD.EXE
1308	WINWORD.EXE
1308	WINWORD.EXE
1308	WINWORD.EXE
1308	WINWORD.EXE
1308	WINWORD.EXE
1308	WINWORD.EXE
1308	WINWORD.EXE
1308	WINWORD.EXE
1308	WINWORD.EXE
1308	WINWORD.EXE
1308	WINWORD.EXE
1308	WINWORD.EXE
1308	WINWORD.EXE
1308	WINWORD.EXE
1308	WINWORD.EXE
1308	WINWORD.EXE

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\8114dad38b72dda05048e3ed3b4fe06d0d5f9b4f6969ff212f7bed97a80a49d9.doc"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1308

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1308-54-0x0000000071FA1000-0x0000000071FA4000-memory.dmp

Filesize
12KB

Download
memory/1308-55-0x000000006FA21000-0x000000006FA23000-memory.dmp

Filesize
8KB

Download
memory/1308-56-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/1308-57-0x0000000074DA1000-0x0000000074DA3000-memory.dmp

Filesize
8KB

Download
memory/1308-58-0x0000000070A0D000-0x0000000070A18000-memory.dmp

Filesize
44KB

Download