33d926d8284d38fe097eaab7867baa0fc5214a1eab517807efda4ceab45f0edd

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
02-08-2023 15:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

New_Order_Inquiry.docx
Size

174KB
MD5

3315c5db742c60f16f85a14f81ad2f37
SHA1

1d32a5f4bb85f199801fddeb23114ee4da3814d5
SHA256

33d926d8284d38fe097eaab7867baa0fc5214a1eab517807efda4ceab45f0edd
SHA512

1894a539d940dd197428d8f9d9dd6cd9f51d50553aa30698550220bf44e1f0814314d97e81e83dbade3360471da3c060ba728a93724d70cb39e6544d10a7a15e
SSDEEP

3072:Eb7TzfMeFSONum4bxW9Sb8FPIQtfm6i4QXEwMmvzxcDxe8bbd4:e3jMeH8TAPxe6iX0wMmlcV74

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1708	WINWORD.EXE

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1708	WINWORD.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1708	WINWORD.EXE
1708	WINWORD.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 2780	1708	WINWORD.EXE	30
PID 1708 wrote to memory of 2780	1708	WINWORD.EXE	30
PID 1708 wrote to memory of 2780	1708	WINWORD.EXE	30
PID 1708 wrote to memory of 2780	1708	WINWORD.EXE	30

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\New_Order_Inquiry.docx"
1⤵
- Drops file in Windows directory
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  PID:2780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{3D1DEFD2-06D1-4FE8-9416-CC1CAE863F34}.FSD

Filesize
128KB

MD5
5ab53d8c3110d535dcd8f1afcaf6bd63

SHA1
b38f87249f4fda821d1796731405b8c8ba45b003

SHA256
113f6c5d0aad266717da74e9d60cc33d2c5fae13619fc986425737266128712b

SHA512
bbe957faaf4283e752adf138605f6eca425d6c55ccb95e311244fd761e5d73af1d6299a6387247ab235b09b79e5620207dd6523f84f3b5ff9bb647eeff7205bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD

Filesize
128KB

MD5
00c31cf53308da2f4916acc1047cee5d

SHA1
bfdec438efd53593c92bf2463b4134b895ec1cf1

SHA256
fdf55345a7f4a5674fdb9fd43aec1c50594c4bed50979ebad5240102c6c4870e

SHA512
c5c2e6cc2ad6c3be09fc2e54c28815acc124db17e5236e3e63608a75b9bb73813cadedae8a4a6170886ff27215de668af3538cd82ca873ad81d8ccc6cbee71d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD

Filesize
128KB

MD5
56efebd8c306ae27fa221bd69fa2e67b

SHA1
6b9fa673caed59c935f5fc1ae91a67502f05856f

SHA256
b174fb523ade9d2346c9cb28317fd5e8499babf0a682bb010d0203712cc44607

SHA512
c7ff591b34a34d8052badddb9a7090610545e07f53bed94c37cf8b6b22d744835422be1646f58bd4665f03ddc92e4259abf651f378d82030234e2720e59066e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{B6ED086E-0F24-4200-93FD-ECF809FC412E}.FSD

Filesize
128KB

MD5
23a99c19ff7e2a90f9ff84b824b06e5b

SHA1
7779269a4452a4770eb3f501708b456369baf8e6

SHA256
9c8dfd23e9295dfe46e6144f95d2b4992ff21c56b6d3291ffcac8ddf991d244f

SHA512
73e06db90b4a2a24b561081265cc007dc0160fd4c658326c16f46a1039a41e5bb2b9a0ccfa7ca64f67c0e71981a80e5967f5342323bba1c83a93a35911b92167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8AJTUMOT\EWXLt[1].htm

Filesize
4KB

MD5
d38fa51b62ab8479846eb5e465b45869

SHA1
176c084fdac473536da796614d7d08355658c1dd

SHA256
a14b1ddcd2085616c9ae07f4e6d1aeed4bcdda7e822703ec25f2b3a643654013

SHA512
efc20133249088650b9dd1aa4a225c324ac32886fca13d069a71ce22b15a165611bc69dabfa7ab2d4741c1cad10ac42d40f2b80d7ae4219ddd992b28cd2ef95a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\33B57B5B.svg

Filesize
4KB

MD5
e5c61878b60131a6ac8e94a80597f81d

SHA1
3b730bc3bbf3e56de4caa2389eac17bac1ad6997

SHA256
194f8974284cad509d798f11b1104d9dda63a550078e29c0725dedfb302024b1

SHA512
30ff13f4dd0153bb426c3e101a57524e7f29f1a2be879d0257f87a47eff8c2e069deadb064949b25b5e4200b5880645c8b71b5fceaec7be002b4d6c1f46fbd04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\84248921.dat

Filesize
1KB

MD5
a19e3005f2cf4408c6a0ef18419fd9cf

SHA1
2b2fe21480eae6c5bbc3bdc736e1186815fecffc

SHA256
01188acaff9047e8b0e6293aa34350f74b8b27f425323323b3ebd16e0284a26e

SHA512
f2c3dcc37e1868612cf73c976385c00d11c0b52db3846ab8a19d2fdf9cc0a0ec9e704da7607bb56076de7c57743f581d4ba56924994a89e692d20fe16b7ee7aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\{AEBFE296-E063-400B-B636-309CD88D8B91}

Filesize
128KB

MD5
12660e4dacb289ee1a924d46e2bd7979

SHA1
968f9e4cd3404429ad08ca8f09b006fa9db30656

SHA256
e83939bea0a0de6f1d3c7d24838a803928e6bdee446df1f0f4c37d0f46256b1a

SHA512
be36d86279c9ca23b52f6664bc830eb678f5ae7cf218de1461f3a1a0f210f6210a857e60a65d651282776853720ec59f80697e28e0fb792aeefb0204597fcaaf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm

Filesize
20KB

MD5
1a30c41cd27ad697beb4fa45913bb194

SHA1
50408bcddf46d55c517d694e770dcc641d997d59

SHA256
557d2ecbb3382a21d544e666daa00e56a2ddbc35ca81e727d88aefbbb530511d

SHA512
80ec9098fcc1906fdfaf973f484b74a601edd8bd1f1ed167757ab5de60eeba48e4c592ae8d98bf7bec3da407a9b77201fdd292c1b363c2d8fb1831cdc210c970

Download Submit
memory/1708-59-0x000000002F620000-0x000000002F77D000-memory.dmp

Filesize
1.4MB

Download
memory/1708-56-0x0000000070ACD000-0x0000000070AD8000-memory.dmp

Filesize
44KB

Download
memory/1708-142-0x0000000070ACD000-0x0000000070AD8000-memory.dmp

Filesize
44KB

Download
memory/1708-55-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/1708-54-0x000000002F620000-0x000000002F77D000-memory.dmp

Filesize
1.4MB

Download
memory/1708-212-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/1708-215-0x0000000070ACD000-0x0000000070AD8000-memory.dmp

Filesize
44KB

Download