Analysis
- max time kernel: 188s
- max time network: 32s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 30-03-2023 23:44
Behavioral task
behavioral1
Sample
SecuriteInfo.com.W97M.Invkay.24548.doc
Resource
win7-20230220-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
SecuriteInfo.com.W97M.Invkay.24548.doc
Resource
win10v2004-20230220-en
windows10-2004-x64
4 signatures
150 seconds
General
-
Target
SecuriteInfo.com.W97M.Invkay.24548.doc
-
Size
102KB
-
MD5
f301152b766bffb129f8fb73aa15485c
-
SHA1
358b972cc9b9fadf48d1c2f1a9b7e0acccf91e79
-
SHA256
71601ec9b02db66d9c0068b127e3516fec8abde0a13d0be2422f5d6baa58d897
-
SHA512
3cb38bef4adfc475a47e568c9c7a7a58ada8150ae787412cbe783ae7040c4e0d5739932fb13eb7c2cbc500aa16eb7acd4f06c4521ea49bda75b12344b1323185
-
SSDEEP
768:RgcFMo2zRrfCHuY26gfa3Z5quiV5mI0rAAF852m5bSRfblz3JShT5FcHuurEGES6:RgcFMVz9fcuMtzWNzurIt+NDt
Score
1/10
Malware Config
Signatures
-
Processes:
WINWORD.EXE
description ioc process
Set value (str) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" WINWORD.EXE
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\MenuExt WINWORD.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" WINWORD.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" WINWORD.EXE
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar WINWORD.EXE
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote WINWORD.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55" WINWORD.EXE
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel WINWORD.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" WINWORD.EXE
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
WINWORD.EXE
pid process
752 WINWORD.EXE
Suspicious use of SetWindowsHookEx 21 IoCs
Processes:
WINWORD.EXE
pid process
752 WINWORD.EXE (the same entry is repeated for every IoC)
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W97M.Invkay.24548.doc"
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
-
memory/752-54-0x000000005FFF0000-0x0000000060000000-memory.dmp
Filesize
64KB