Overview

overview

4

Static

static

1

Anji Reddy...r.docx

windows7-x64

4

Anji Reddy...r.docx

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    14-10-2023 00:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Anji Reddy -Certified SalesForce Developer.docx

  • Size

    137KB

  • MD5

    0eea2c9ded8d309820234b17b4e8343f

  • SHA1

    88ec76de11c3972f1805a9c1ab0fb2c81197839d

  • SHA256

    14a345284451e91e690daeeecdb8408c33ad9bcd725fbc2090780bc128e4d0bc

  • SHA512

    a57f2b85538841eb36a31b1ec3b36c9cd5db972cc3e22482e16929a532223caf5bc19c68be0b7798775ab7039fdba03f3a259e1afe1dc27ae74a9d0966ab687c

  • SSDEEP

    3072:QOw88yvt7SMkEhz+PL5BzrLwpJ6yK8/h7b7/ZDO+Ukd/:QOw88YJkEIJLwpgjGhb7hDO+UkZ

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Anji Reddy -Certified SalesForce Developer.docx"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2272
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2812

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
      Filesize

      20KB

      MD5

      3a7c0a8b0556bb7aa7a9feba80013246

      SHA1

      83699bbf07d03d91bc62848797e390aa42d73862

      SHA256

      ce187899bf297cb2d13b12ddc7747ddbc9ac7ecd1f41b497fdccebd9a2a93329

      SHA512

      e39da79800f090bc1c402a8da8c9c1dea2102d8f1cf15e2c8d9e002e069a8b3478f34f64e7a98ea21e4674ab053462b4afd93b5cc98d986f4b932183c40b4e6a

      Download Submit

    • memory/2272-0-0x000000002F061000-0x000000002F062000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2272-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2272-2-0x00000000710DD000-0x00000000710E8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2272-14-0x00000000710DD000-0x00000000710E8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2272-38-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2272-39-0x00000000710DD000-0x00000000710E8000-memory.dmp

      Filesize

      44KB

      Download