Overview

overview

4

Static

static

1

d7a5dd9a34...c6.rtf

windows7-x64

4

d7a5dd9a34...c6.rtf

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    22-12-2023 15:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d7a5dd9a349fc5f8595e9408d3af28c6.rtf

  • Size

    287KB

  • MD5

    d7a5dd9a349fc5f8595e9408d3af28c6

  • SHA1

    d11bf55d07256616f369199cc524593c75c45b64

  • SHA256

    c232d7c6db5a2b0d8f97e97652666c78dc68288c9cd5920d2f33e3b3f86c6d09

  • SHA512

    788b290d01a651671fd43ce2dc190838f8a768081c5609bd27ef822dd16a9f9644394a0684c5f6f62c0dd6f642aac1cf46678aac511fc5dcb493fc42b5615071

  • SSDEEP

    1536:zBoFRk3F/uWU3D/qO0bi49dIxOSnxFQjx4Xs7mmhL2qQJBpqQur4r5Ly+SCxSHRP:zARO/uWUekHnxSjTLhqRJjN8tAUp

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\d7a5dd9a349fc5f8595e9408d3af28c6.rtf"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2488
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2784

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
      Filesize

      20KB

      MD5

      1dbda242c39ad0be7fd9eca13220ee06

      SHA1

      b844ee97747914e3167d6914df1ed836c6af919e

      SHA256

      1b02f904c81393e8be07e2e4b14cfca08abbf7981ae75067c8b1ef65e32fc0f0

      SHA512

      7d2847cc2ebcaef33a38194ca434008fc34a81ab897f9a01f453488a6a4dcc9619d1c97334468c30f73cf9b7c4b34bf36bdcc6f922023da33d9f94bd2c644361

      Download Submit

    • memory/2488-0-0x000000002F3D1000-0x000000002F3D2000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2488-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2488-2-0x000000007197D000-0x0000000071988000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2488-18-0x000000007197D000-0x0000000071988000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2488-31-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2488-34-0x000000007197D000-0x0000000071988000-memory.dmp

      Filesize

      44KB

      Download