Analysis

  • max time kernel
    166s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
  • submitted
    01-12-2022 19:33

General

  • Target

    6d95d8390a00bd979442b73e140597a3.doc

  • Size

    66KB

  • MD5

    6d95d8390a00bd979442b73e140597a3

  • SHA1

    d9d40019cec3ab37d71d74b9906245fca2ae8069

  • SHA256

    f1f6b70c88e1de44ccbed6c70bc332fe315a8edbcf43acab3f8fa7aaaf0cdb0b

  • SHA512

    b4956d2da7b5fbb30f58494d838d76a9e5235c7c2e307ef4ced95595222bcd00fb422a788fd351cea265f4559809835ee8630360c4610a40d9428f82156607da

  • SSDEEP

    768:bVCI2q6a2ePZ3iHuQHM5yyIJtBaeKrRE:ZCIFb2vHk5sBaeK9

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 21 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\6d95d8390a00bd979442b73e140597a3.doc"
    • Modifies Internet Explorer settings
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1716

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1716-54-0x0000000072581000-0x0000000072584000-memory.dmp

    Filesize

    12KB

  • memory/1716-55-0x0000000070001000-0x0000000070003000-memory.dmp

    Filesize

    8KB

  • memory/1716-56-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

  • memory/1716-57-0x0000000076041000-0x0000000076043000-memory.dmp

    Filesize

    8KB

  • memory/1716-58-0x0000000070FED000-0x0000000070FF8000-memory.dmp

    Filesize

    44KB