Analysis

  • max time kernel: 113s
  • max time network: 107s
  • platform: windows7_x64
  • resource: win7-20230621-en
  • resource tags: arch:x64, arch:x86, image:win7-20230621-en, locale:en-us, os:windows7-x64, system
  • submitted: 27-06-2023 04:12

General

  • Target: 1.docm
  • Size: 71KB
  • MD5: 29d924c7b761883d3afb22f67c73b196
  • SHA1: f9987c22678bfb912d0558c3f5aa3ec68073d13e
  • SHA256: 47b3de1df7152f89a71c82e866060c47af40735e6a70a0b9486fdf32a1347851
  • SHA512: 703a00fb8b844702dbda5599e92269d0395c8a88a0ccf803b32ce2a73e044cc2b4586094c3b01db3c1d3b4e069480a5640d9c0e4c67de4abede8d46478a62561
  • SSDEEP: 1536:/jNQk66jRqB3pjKGLAIhKpH6un3zwpQgIBxlNY:/jNQk66lEBKGL0pH6unjwgBxlNY

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory (1 IoC)
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings (1 TTP, 31 IoCs)
  • Modifies registry class (64 IoCs)
  • Suspicious behavior: AddClipboardFormatListener (1 IoC)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (PID 1628, depth 1)
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\1.docm"
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Windows\splwow64.exe (PID 760, depth 2)
      C:\Windows\splwow64.exe 12288

    Network

    MITRE ATT&CK Enterprise v6


    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize: 344B
      MD5: b54635f81a499f129869697c5e65c450
      SHA1: 154cf0078b8f83fdd80fb7b4a997f5ee1c65c578
      SHA256: 412800fb2861301207455c3e459b46fd9b38474dea0e1a211c601b5ea4383a2e
      SHA512: 62a2ccf3a8bc6d3f37460563df9b4277fd66f9b5eb3ea8493c6b25bdbeaef344e52397e0154579efce3f49ffae0bd4564ea641b845932fa3cbd6b5959394904e

    • C:\Users\Admin\AppData\Local\Temp\Cab2FAC.tmp
      Filesize: 62KB
      MD5: 3ac860860707baaf32469fa7cc7c0192
      SHA1: c33c2acdaba0e6fa41fd2f00f186804722477639
      SHA256: d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904
      SHA512: d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    • C:\Users\Admin\AppData\Local\Temp\Tar321F.tmp
      Filesize: 164KB
      MD5: 4ff65ad929cd9a367680e0e5b1c08166
      SHA1: c0af0d4396bd1f15c45f39d3b849ba444233b3a2
      SHA256: c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6
      SHA512: f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    • C:\Users\Admin\AppData\Local\Temp\v7JcR5.scr
      Filesize: 491B
      MD5: 9974ad5a254b4d04a99c38ed87b41771
      SHA1: 304625b3c0424feaf17877dbe0a466c71a8f6a84
      SHA256: 821017b5cfbbf6130ab76cb36d1cc3fc6822a1f642c5218c242bd9dbbbda56b6
      SHA512: 546bc73860185d717d69979f96e1a192cad1da63833151d212a00ea4cb40b41c3cd355246d010562097ddeefc0ab874166b576ec07a37cc27a94a063a73131d6

    • memory/1628-60-0x0000000000690000-0x0000000000790000-memory.dmp (Filesize: 1024KB)
    • memory/1628-63-0x0000000000690000-0x0000000000790000-memory.dmp (Filesize: 1024KB)
    • memory/1628-66-0x0000000000690000-0x0000000000790000-memory.dmp (Filesize: 1024KB)
    • memory/1628-67-0x0000000000690000-0x0000000000790000-memory.dmp (Filesize: 1024KB)
    • memory/1628-68-0x0000000000690000-0x0000000000790000-memory.dmp (Filesize: 1024KB)
    • memory/1628-70-0x0000000000690000-0x0000000000790000-memory.dmp (Filesize: 1024KB)
    • memory/1628-71-0x0000000006360000-0x0000000006460000-memory.dmp (Filesize: 1024KB)
    • memory/1628-54-0x000000005FFF0000-0x0000000060000000-memory.dmp (Filesize: 64KB)
    • memory/1628-62-0x0000000000690000-0x0000000000790000-memory.dmp (Filesize: 1024KB)
    • memory/1628-61-0x0000000000690000-0x0000000000790000-memory.dmp (Filesize: 1024KB)
    • memory/1628-59-0x0000000000690000-0x0000000000790000-memory.dmp (Filesize: 1024KB)
    • memory/1628-162-0x0000000006360000-0x0000000006460000-memory.dmp (Filesize: 1024KB)