f1abbdcb36e1d9a389976e4d5ada0263cad9d9cb2d75319aa0fd2e0e2efaebc5

Resubmissions

13-03-2023 08:48

230313-kqgpeabe5y 8

13-03-2023 08:44

230313-knl64she29 10

11-03-2023 03:29

230311-d16mysgd22 8

11-03-2023 03:21

230311-dwbl1sab2y 8

Analysis

max time kernel
143s
max time network
146s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
11-03-2023 03:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nuovo documento 2023.03.10.doc
Size

518.3MB
MD5

7b10cc4d02d11262ff3a0827e1ca926f
SHA1

4178ad78b1891dedc2e50d7fbc03f879b345c1d2
SHA256

d3a1c1342a4b6645ede22de755a41b30bc1720863c6f9905cb4aad0dd7492805
SHA512

93832bb4c8737fd4bfab70224019c68833881cb79ec0ca3dee6dd993ea596d345962b63b87d20944f166c52747ba9f55100c9086d80241df6fdd166fa2186808
SSDEEP

6144:jkmCUX1RauEA55axdWFyDDIqqmbwbLUW:omC7uz552AFZqXbwbA

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

Processes:

WINWORD.EXE

description ioc process

File opened for modification C:\Windows\Debug\WIA\wiatrace.log WINWORD.EXE
Office loads VBA resources, possible macro or embedded object present

description	ioc	process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	WINWORD.EXE

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

Processes:

WINWORD.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Toolbar	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\MenuExt	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

WINWORD.EXE

pid process

1972 WINWORD.EXE
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

WINWORD.EXE

pid process

1972 WINWORD.EXE
1972 WINWORD.EXE

pid	process
1972	WINWORD.EXE

pid	process
1972	WINWORD.EXE
1972	WINWORD.EXE

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Nuovo documento 2023.03.10.doc"
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1972

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm

Filesize
20KB

MD5
fa6b24e7d18ab8ad4cd15b87513ab0e7

SHA1
8b59418d579b38f94a0608842e4e1527c446e034

SHA256
addbba4c2342b83a654c0b6a7227d4c79ceae224ce146616e45fa2b5191402ba

SHA512
b191ee49bdaf293db437c3868ee3bda31cce344d81a3815ee92e5f6dca8c7339358b2d7ef688d7bc4815cb6ca2c5da8478126b3a2829231a2ec836e8b1cee80e

Download Submit
memory/1972-54-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/1972-57-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-59-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-60-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-61-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-63-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-62-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-65-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-67-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-70-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-69-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-71-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-72-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-73-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-75-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-76-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-77-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-79-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-80-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-82-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-83-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-84-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-88-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-87-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-86-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-89-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-90-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-91-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-92-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-93-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-95-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-96-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-98-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-100-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-101-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-102-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-103-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-104-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-105-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-99-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-97-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-94-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-85-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-81-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-78-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-74-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-68-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-66-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-64-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-58-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download
memory/1972-106-0x00000000004C0000-0x00000000005C0000-memory.dmp

Filesize
1024KB

Download