Analysis
max time kernel: 88s
max time network: 103s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08-05-2023 13:17
Behavioral tasks
task         sample                           resource
behavioral1  Bouwvak 2023.xlsx.attack1        win7-20230220-en
behavioral2  Bouwvak 2023.xlsx.attack1        win10v2004-20230220-en
behavioral3  How_to_back_files.html           win7-20230220-en
behavioral4  How_to_back_files.html           win10v2004-20230220-en
behavioral5  WEEKPLANNING 2023.docx.attack1   win7-20230220-en
behavioral6  WEEKPLANNING 2023.docx.attack1   win10v2004-20230220-en
General
Target: WEEKPLANNING 2023.docx.attack1
Size: 220KB
MD5: 5375570516b3f895a0cc78b92ddbaeb2
SHA1: fe9434598a2555f7595f97ab8b590033b12a5b25
SHA256: 85043ed6006aeeb9b374300c0e997c913579002f2fe1ff3c648216e3576d4ae6
SHA512: 3d5a73635d71a9b7505aed93cc2d758d99b2911cd2ff4fa108d24f35b44cbcfbdbc4d6a88afec12c707a36ec2b2c4b0c974aedfd0d1ad0eef0a5c4acc10c59b1
SSDEEP: 6144:t5apOabqGYWvYp1Nq11bRbItI19yrb/1WpgDo2g:tEpgHW11Krj1WpSo2g
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (2 IoCs)
  Processes: cmd.exe, OpenWith.exe
  description  ioc                                                                                    process
  Key created  \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings   cmd.exe
  Key created  \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings   OpenWith.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes: OpenWith.exe
  pid   process
  2720  OpenWith.exe
Processes
- C:\Windows\system32\cmd.exe
  command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\WEEKPLANNING 2023.docx.attack1"
  PID: 3700
  - Modifies registry class
- C:\Windows\system32\OpenWith.exe
  command line: C:\Windows\system32\OpenWith.exe -Embedding
  PID: 2720
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx