Analysis
-
max time kernel
150s -
max time network
31s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system -
submitted
23-03-2023 00:06
Behavioral task
behavioral1
Sample
VirusShare_3f0b1eed4b7b9ae05fab4d949843f103.doc
Resource
win7-20230220-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
VirusShare_3f0b1eed4b7b9ae05fab4d949843f103.doc
Resource
win10v2004-20230220-en
windows10-2004-x64
4 signatures
150 seconds
General
-
Target
VirusShare_3f0b1eed4b7b9ae05fab4d949843f103.doc
-
Size
35KB
-
MD5
3f0b1eed4b7b9ae05fab4d949843f103
-
SHA1
e5b9fa0a23f337adae93ed4e8fcd1e9d9db4acba
-
SHA256
ce21d34bafe338effb8f619936f057084cb45743fce884a1465966d8523a00a8
-
SHA512
292183a9d0b3e5759453a43bcf34b8b1d09d09523687bfab090dd740a5c70169938904949b1c5a025b40082898dc3ec240ad2ec788b66f256efe5a041f774740
-
SSDEEP
384:3+WbqwPv/ETzbVwNY/+TU5lHizK+BS3DzxW8M2GzraAzVCIXh3aM:OWbqm/EvZwO2TUrEQDtI2G31lX5
Score
1/10
Malware Config
Signatures
-
Processes:
WINWORD.EXE
description ioc process
Set value (int) \REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" WINWORD.EXE
Key created \REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel WINWORD.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" WINWORD.EXE
Key created \REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\MenuExt WINWORD.EXE
Key created \REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote WINWORD.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" WINWORD.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55" WINWORD.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" WINWORD.EXE
Key created \REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Toolbar WINWORD.EXE
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
WINWORD.EXE
pid process
1948 WINWORD.EXE
-
Suspicious use of SetWindowsHookEx 21 IoCs
Processes:
WINWORD.EXE
pid process
1948 WINWORD.EXE
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\VirusShare_3f0b1eed4b7b9ae05fab4d949843f103.doc"
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
-
memory/1948-54-0x000000005FFF0000-0x0000000060000000-memory.dmp
Filesize
64KB