Overview

overview

4

Static

static

1

Naga_DevOps_002_.docx

windows7-x64

4

Naga_DevOps_002_.docx

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    02/08/2023, 05:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Naga_DevOps_002_.docx

  • Size

    55KB

  • MD5

    10ec6a94731623346ff3d8e21efea3cd

  • SHA1

    9beb64261a7a304fd3135b3e3e2bb4cf143cfc4a

  • SHA256

    9897606d8ea0d534d7a1ab2ca819062cf64b75734dc27b724b957fdcac644967

  • SHA512

    01e9090c541e791a337d6b6d0190d89df1a46399529b28eb6ea5e3e928f72686b5cc2aab92e1325511ff37de3fd4d8ebe8bdfa2a4072da0c5db6f58647031951

  • SSDEEP

    1536:Y9dKWZlJOLgSGxjHkvg3Nd/hpQNfKjL+tj1lPIQ6Ih:YDKWle5GxIYnhaKCxVn

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Naga_DevOps_002_.docx"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2564
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2156

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
            Filesize

            20KB

            MD5

            69cb2c55adcafef972c88bce95e304a9

            SHA1

            d29cea735c8a2e98e924e7381cecf326b375d7e2

            SHA256

            74eb7caeb6e5d9b34e356bdd99ccc10e12028d93832bb5dc54c71a5e7aeb7700

            SHA512

            fcf1be2b12287b57576ea37fea348c5c507a56b962f5dda1dd2bc5c25997755864616462616e983e06b18cde2aa96c490e4eb85bf10fc8b6a5128a234f2006fb

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
            Filesize

            2B

            MD5

            f3b25701fe362ec84616a93a45ce9998

            SHA1

            d62636d8caec13f04e28442a0a6fa1afeb024bbb

            SHA256

            b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

            SHA512

            98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

            Download Submit

          • memory/2564-54-0x000000002FED0000-0x000000003002D000-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/2564-55-0x000000005FFF0000-0x0000000060000000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2564-56-0x00000000716DD000-0x00000000716E8000-memory.dmp

            Filesize

            44KB

            Download

          • memory/2564-77-0x000000002FED0000-0x000000003002D000-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/2564-78-0x00000000716DD000-0x00000000716E8000-memory.dmp

            Filesize

            44KB

            Download

          • memory/2564-101-0x000000005FFF0000-0x0000000060000000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2564-102-0x00000000716DD000-0x00000000716E8000-memory.dmp

            Filesize

            44KB

            Download