Overview

overview

10

Static

static

8

927eefd9-e...94.eml

windows7-x64

5

927eefd9-e...94.eml

windows10-2004-x64

3

Fattura 20...93.zip

windows7-x64

1

Fattura 20...93.zip

windows10-2004-x64

1

Fattura 20...93.doc

windows7-x64

10

Fattura 20...93.doc

windows10-2004-x64

10

email-html-1.html

windows7-x64

1

email-html-1.html

windows10-2004-x64

1

Analysis

  • max time kernel
    114s
  • max time network
    86s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    13-03-2023 08:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Fattura 2023 - IT 00993.doc

  • Size

    522.3MB

  • MD5

    810a64ae0b33101c6c9247d9f01d4ec2

  • SHA1

    c43bfa75046c4ddf1d6c73961ada5d273822f34b

  • SHA256

    c6f249d45a78978f7e1256d9606948802f8f040b16f39e646f0ef6b3b6c68198

  • SHA512

    c52327c9f033db5f2b975390de37a44b8ed013c401438733032a09c11475a4d0aa4714c4358ff06a958abe290cc2f22e1ac80e3b8294b6390f9efff7c99d1927

  • SSDEEP

    6144:jkmCUX1RauEA55axdWFyDDIqqmbwbLUW:omC7uz552AFZqXbwbA

Score
10/10

Malware Config

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Loads dropped DLL 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Fattura 2023 - IT 00993.doc"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1060
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\091431.tmp"
      2⤵
      • Process spawned unexpected child process
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:468
      • C:\Windows\system32\regsvr32.exe
        /s "C:\Users\Admin\AppData\Local\Temp\091431.tmp"
        3⤵
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1924
        • C:\Windows\system32\regsvr32.exe
          C:\Windows\system32\regsvr32.exe "C:\Windows\system32\VAjpDQ\oCjFtZwbICdX.dll"
          4⤵
            PID:1516
      • C:\Windows\splwow64.exe
        C:\Windows\splwow64.exe 12288
        2⤵
          PID:1700

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\091431.tmp
        Filesize

        514.5MB

        MD5

        7ac680c04fe36ba51d7ef663aa11b38e

        SHA1

        032bfaa90439cc877cee474c9595aa5d592cb6a2

        SHA256

        bb098f66438c8762e5015baaeac49f9ac81545c10bbe899803db56e9c2ada98a

        SHA512

        6a6c8e1d969153735ff7381607b649e2d4d431c3ee08e0291de8f25a794f62725a51df1edc44df76db355972e943506904726d2f23d842a06adbc230e140be72

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\091435.zip
        Filesize

        809KB

        MD5

        f780db732dafe3aea7bec6e5b1915dc5

        SHA1

        a388e7954f76557d5edf4b8315d669fd2e4e7e8c

        SHA256

        14ee7bb38b78d00530df973d039d0c0586c4fd83e890e0cb63761f4b5baed11d

        SHA512

        6cc273cf52d6cc767dfa05b6408053ffa695abdaa42684d1fd196e3e43aca9b1395b5954266a8601f34cd52c5d7e559f0bad65dea2b5ac4ea17adf6ce1793f4c

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
        Filesize

        20KB

        MD5

        b9cf105fa0af2cccc51dd6380705955a

        SHA1

        13f7bb308336f343327a8a9aab3f0e750fa5c23c

        SHA256

        cb0f4737629dad729336113fbd96106eeec1fde00f84694af684328989776168

        SHA512

        13d03709cf3ee66bd3d36c60d9f78d5c8b5831605008f275c55923dd05e7adbf0e5159c53ba25ddc14262f3809675255212dc0fde8147acfc1c190ddbc9a5d3c

        Download Submit

      • \Users\Admin\AppData\Local\Temp\091431.tmp
        Filesize

        514.5MB

        MD5

        7ac680c04fe36ba51d7ef663aa11b38e

        SHA1

        032bfaa90439cc877cee474c9595aa5d592cb6a2

        SHA256

        bb098f66438c8762e5015baaeac49f9ac81545c10bbe899803db56e9c2ada98a

        SHA512

        6a6c8e1d969153735ff7381607b649e2d4d431c3ee08e0291de8f25a794f62725a51df1edc44df76db355972e943506904726d2f23d842a06adbc230e140be72

        Download Submit

      • \Users\Admin\AppData\Local\Temp\091431.tmp
        Filesize

        514.5MB

        MD5

        7ac680c04fe36ba51d7ef663aa11b38e

        SHA1

        032bfaa90439cc877cee474c9595aa5d592cb6a2

        SHA256

        bb098f66438c8762e5015baaeac49f9ac81545c10bbe899803db56e9c2ada98a

        SHA512

        6a6c8e1d969153735ff7381607b649e2d4d431c3ee08e0291de8f25a794f62725a51df1edc44df76db355972e943506904726d2f23d842a06adbc230e140be72

        Download Submit

      • memory/1060-82-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-91-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-58-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-60-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-62-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-61-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-64-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-63-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-65-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-66-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-67-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-68-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-69-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-70-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-71-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-72-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-73-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-74-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-75-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-76-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-77-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-78-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-79-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-80-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-81-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-57-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-54-0x000000005FFF0000-0x0000000060000000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1060-1245-0x0000000006310000-0x0000000006311000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1060-59-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-86-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-87-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-88-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-89-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-90-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-85-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-92-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-94-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-93-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-95-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-96-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-97-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-98-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-99-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-100-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-101-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-103-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-102-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-104-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-105-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-106-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-110-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-84-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1060-1463-0x0000000006310000-0x0000000006311000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1060-83-0x00000000006E0000-0x00000000007E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/1516-1464-0x00000000001F0000-0x00000000001F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1924-1458-0x00000000002B0000-0x00000000002B1000-memory.dmp

        Filesize

        4KB

        Download