Overview

overview

10

Static

static

10

Bouwvak 20...ttack1

windows7-x64

3

Bouwvak 20...ttack1

windows10-2004-x64

3

How_to_bac...s.html

windows7-x64

1

How_to_bac...s.html

windows10-2004-x64

1

WEEKPLANNI...ttack1

windows7-x64

3

WEEKPLANNI...ttack1

windows10-2004-x64

3

Resubmissions

08-05-2023 13:17

230508-qjgzgsce9x 10

08-05-2023 13:13

230508-qgbdxsce8z 10

Analysis

  • max time kernel
    149s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    08-05-2023 13:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WEEKPLANNING 2023.docx.attack1

  • Size

    220KB

  • MD5

    5375570516b3f895a0cc78b92ddbaeb2

  • SHA1

    fe9434598a2555f7595f97ab8b590033b12a5b25

  • SHA256

    85043ed6006aeeb9b374300c0e997c913579002f2fe1ff3c648216e3576d4ae6

  • SHA512

    3d5a73635d71a9b7505aed93cc2d758d99b2911cd2ff4fa108d24f35b44cbcfbdbc4d6a88afec12c707a36ec2b2c4b0c974aedfd0d1ad0eef0a5c4acc10c59b1

  • SSDEEP

    6144:t5apOabqGYWvYp1Nq11bRbItI19yrb/1WpgDo2g:tEpgHW11Krj1WpSo2g

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\WEEKPLANNING 2023.docx.attack1"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\WEEKPLANNING 2023.docx.attack1
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:568
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\WEEKPLANNING 2023.docx.attack1"
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:892

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads