Overview

overview

10

Static

static

10

Bouwvak 20...ttack1

windows7-x64

3

Bouwvak 20...ttack1

windows10-2004-x64

3

How_to_bac...s.html

windows7-x64

1

How_to_bac...s.html

windows10-2004-x64

1

WEEKPLANNI...ttack1

windows7-x64

3

WEEKPLANNI...ttack1

windows10-2004-x64

3

Resubmissions

08-05-2023 13:17

230508-qjgzgsce9x 10

08-05-2023 13:13

230508-qgbdxsce8z 10

Analysis

  • max time kernel
    88s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-05-2023 13:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WEEKPLANNING 2023.docx.attack1

  • Size

    220KB

  • MD5

    5375570516b3f895a0cc78b92ddbaeb2

  • SHA1

    fe9434598a2555f7595f97ab8b590033b12a5b25

  • SHA256

    85043ed6006aeeb9b374300c0e997c913579002f2fe1ff3c648216e3576d4ae6

  • SHA512

    3d5a73635d71a9b7505aed93cc2d758d99b2911cd2ff4fa108d24f35b44cbcfbdbc4d6a88afec12c707a36ec2b2c4b0c974aedfd0d1ad0eef0a5c4acc10c59b1

  • SSDEEP

    6144:t5apOabqGYWvYp1Nq11bRbItI19yrb/1WpgDo2g:tEpgHW11Krj1WpSo2g

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\WEEKPLANNING 2023.docx.attack1"
    1⤵
    • Modifies registry class
    PID:3700
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2720

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads