Overview

overview

4

Static

static

1

bc9774804c...b3.rtf

windows7-x64

4

bc9774804c...b3.rtf

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    16/08/2023, 02:09

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bc9774804cbf9c9b994b0379c78ec2b3.rtf

  • Size

    53KB

  • MD5

    bc9774804cbf9c9b994b0379c78ec2b3

  • SHA1

    1c05afde402fed521257475a53f7fc782cddbbe1

  • SHA256

    041afb2745c2fc431a3617df448eb7ef5ebbe6ea8f6392b8c11928205f9f40fc

  • SHA512

    5ee7fd1078f9dd7e95a373944ffe3c59823d49ce46fe8419dfb008e089b9763fa76837e04d77ef7d8ed0749fff807a973fc4aeeae53f12275e4d691de4e94002

  • SSDEEP

    768:ZeX1/30Xj3TOGT9Bz2E262Duj2Ajn8l/NLoJ0o:ZeXeXjnDJbEHo

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\bc9774804cbf9c9b994b0379c78ec2b3.rtf"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1056
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2608

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
            Filesize

            20KB

            MD5

            1d0084004e0f1c849b8acecb0ecf07b8

            SHA1

            c225a670fe8be46d69183940943ed1c07a6e444e

            SHA256

            c29744e63cfeea240e5b3b314e9c04ccc1d17e1be0632b56e0126441607368b1

            SHA512

            583212be5e2be51fda537f2a71b0db5800a48b0eb339ef3c3eaf7d46af2334a201e57b745a6be39cb87a0a9282c31de8f44f33b04ccc359598aadef87f60035e

            Download Submit

          • memory/1056-54-0x000000002FC80000-0x000000002FDDD000-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/1056-55-0x000000005FFF0000-0x0000000060000000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1056-56-0x000000007130D000-0x0000000071318000-memory.dmp

            Filesize

            44KB

            Download

          • memory/1056-63-0x000000002FC80000-0x000000002FDDD000-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/1056-64-0x000000007130D000-0x0000000071318000-memory.dmp

            Filesize

            44KB

            Download

          • memory/1056-80-0x000000005FFF0000-0x0000000060000000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1056-81-0x000000007130D000-0x0000000071318000-memory.dmp

            Filesize

            44KB

            Download