Overview

overview

4

Static

static

1

8ce2f86618...d0.doc

windows7-x64

4

8ce2f86618...d0.doc

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    05/10/2023, 08:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    8ce2f866187d1993dbf4e0c850d112d0.doc

  • Size

    198KB

  • MD5

    8ce2f866187d1993dbf4e0c850d112d0

  • SHA1

    957e57aed77af5cd95e232bec8c4d55d31cd83b0

  • SHA256

    efdf5d9470d62b3e2bad4f44494bec8633861b9a69b2b4ea83664ecde7ea33f2

  • SHA512

    fe3afcc9635702472dbc961b039e909d7f3c41735ebc5c5e0ab45a27b55a380977ee2188389f22d4db1fdb5d0dae77771a24e93aab228aba9817afbcfcd230a2

  • SSDEEP

    3072:85XulxpvOEJW178sn0zifCY+CNW7i1ScG8BZDgQQN+7IbsxpvOEJW17g/:85elxpvfOApzmCjmlGinQJgxpvfOE

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\8ce2f866187d1993dbf4e0c850d112d0.doc"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2360
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:1004

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
            Filesize

            20KB

            MD5

            e815ca06065e98184677699696bdd43f

            SHA1

            efd4930881e490b6c5eab68b4d0f01275ef345fd

            SHA256

            55a018e4617932fd4d23d20ec674d00eff0d75354cd78dfb8bd0f2aef03a2eb8

            SHA512

            6de944e63ee924e614b01d00cf7a7864a7c9cfa81489d0c8487559edd168477377214f9489a1a1b1e4596abd695db8b9f794f01235bcb64acf0291f1b4a0fb5b

            Download Submit

          • memory/2360-0-0x000000002FAA1000-0x000000002FAA2000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2360-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2360-2-0x000000007124D000-0x0000000071258000-memory.dmp

            Filesize

            44KB

            Download

          • memory/2360-12-0x000000007124D000-0x0000000071258000-memory.dmp

            Filesize

            44KB

            Download

          • memory/2360-33-0x000000005FFF0000-0x0000000060000000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2360-36-0x000000007124D000-0x0000000071258000-memory.dmp

            Filesize

            44KB

            Download