Overview

overview

4

Static

static

1

Monika_TableauSql.doc

windows7-x64

4

Monika_TableauSql.doc

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    30/08/2023, 18:07

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Monika_TableauSql.doc

  • Size

    86KB

  • MD5

    d26e3c089e4b8881298387f5fb892e4f

  • SHA1

    771d26b3e52434025b2cb8be45d1d64475c9f079

  • SHA256

    cacebd71cd787ee7b257d7fe3959b8fa4d398c962c05162f7b3f86de28f1c762

  • SHA512

    80c8eb38697b0d45977254ccec835eb3ffe2cb06488bcd765255e722d45e6cd4bbd234f08e832140a1d0a27e08a4114e58e65cf0914d7f28eaf8f32e356e5fff

  • SSDEEP

    1536:GgyupHK3qHNZFsYQFV5FV5FttVt+FStvFcFgFAFPFVtvFplaFkc7hiANDw3:fyupHK38NN+h

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Monika_TableauSql.doc"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2564
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2844

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
            Filesize

            20KB

            MD5

            c542127508af3f3778bc5c10d5d24624

            SHA1

            08816b5eaf45d173d90b9efd8db627b51fae274c

            SHA256

            fe25872171d628c0ecb5087d264cd4d1760f6c4dfdb38f05901b8d57fe8e848f

            SHA512

            1491341bf3b674ca25778b412ca1410e8d6e3d731d30149c767469171d763f065d46655df41359a6e8e67454c2938f6b694bb32f7f55bd34ec4a996d4b247fe9

            Download Submit

          • memory/2564-0-0x000000002FFF0000-0x000000003014D000-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/2564-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2564-2-0x000000007121D000-0x0000000071228000-memory.dmp

            Filesize

            44KB

            Download

          • memory/2564-10-0x000000002FFF0000-0x000000003014D000-memory.dmp

            Filesize

            1.4MB

            Download

          • memory/2564-11-0x000000007121D000-0x0000000071228000-memory.dmp

            Filesize

            44KB

            Download

          • memory/2564-27-0x000000005FFF0000-0x0000000060000000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2564-28-0x000000007121D000-0x0000000071228000-memory.dmp

            Filesize

            44KB

            Download