71601ec9b02db66d9c0068b127e3516fec8abde0a13d0be2422f5d6baa58d897

Analysis

max time kernel
188s
max time network
32s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
30-03-2023 23:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.W97M.Invkay.24548.doc
Size

102KB
MD5

f301152b766bffb129f8fb73aa15485c
SHA1

358b972cc9b9fadf48d1c2f1a9b7e0acccf91e79
SHA256

71601ec9b02db66d9c0068b127e3516fec8abde0a13d0be2422f5d6baa58d897
SHA512

3cb38bef4adfc475a47e568c9c7a7a58ada8150ae787412cbe783ae7040c4e0d5739932fb13eb7c2cbc500aa16eb7acd4f06c4521ea49bda75b12344b1323185
SSDEEP

768:RgcFMo2zRrfCHuY26gfa3Z5quiV5mI0rAAF852m5bSRfblz3JShT5FcHuurEGES6:RgcFMVz9fcuMtzWNzurIt+NDt

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

Processes:

WINWORD.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\MenuExt	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

WINWORD.EXE

pid process

752 WINWORD.EXE

Suspicious use of SetWindowsHookEx 21 IoCs

Processes:

WINWORD.EXE

pid	process
752	WINWORD.EXE
752	WINWORD.EXE
752	WINWORD.EXE
752	WINWORD.EXE
752	WINWORD.EXE
752	WINWORD.EXE
752	WINWORD.EXE
752	WINWORD.EXE
752	WINWORD.EXE
752	WINWORD.EXE
752	WINWORD.EXE
752	WINWORD.EXE
752	WINWORD.EXE
752	WINWORD.EXE
752	WINWORD.EXE
752	WINWORD.EXE
752	WINWORD.EXE
752	WINWORD.EXE
752	WINWORD.EXE
752	WINWORD.EXE
752	WINWORD.EXE

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W97M.Invkay.24548.doc"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:752

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/752-54-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download