Analysis
-
max time kernel
146s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
31/12/2023, 02:19
General
-
Target
244a7e163d42fcddb89553eeea91efa9.exe
-
Size
17KB
-
MD5
244a7e163d42fcddb89553eeea91efa9
-
SHA1
d647e5d5c088a660638c410e5f021664ce5978f7
-
SHA256
2058dd10037d008cd1d66974e7c8b3f128ccb5961d909548d05d51414c8cdabc
-
SHA512
e4c85ecf33c24aeacf0b7953a2dc0bfff3e6e033865f0b23fdafd0174e82fb5e077366e17326597305864c28ef5e006ad732b91912aca6efc603396edc081daf
-
SSDEEP
384:jvQrgSuNMPOY+blFXWyAzcmlba3n59qC3Zth3BPr3B0S:jvN3NMPOYsFG5pm35h3l1
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 2 IoCs
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Deletes itself 1 IoCs
-
Loads dropped DLL 3 IoCs
-
Drops file in System32 directory 3 IoCs
-
Office loads VBA resources, possible macro or embedded object present
-
Modifies Internet Explorer settings 1 TTPs 9 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\244a7e163d42fcddb89553eeea91efa9.exe"C:\Users\Admin\AppData\Local\Temp\244a7e163d42fcddb89553eeea91efa9.exe"1⤵
- Modifies WinLogon for persistence
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding1⤵
- Modifies WinLogon for persistence
- Loads dropped DLL
- Drops file in System32 directory
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svchost.exesvchost.exe2⤵
- Process spawned unexpected child process
- Deletes itself
- Loads dropped DLL
- Modifies registry class
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
23KB
MD522dc58f3eda8e2238e382f64f939ba18
SHA14d1bfd2f6dd19c8b343862742ad58df74032a842
SHA256420e21954b192a41b58fc9230f0768662271b4b88710c02080bbc4e72e37261a
SHA5126259bbed518b9d4feb2334910e72a8708046eed4e4c4787e2522784451180b5c226f1e7e15b1763d6d7639bc46ff6cdb886373dd9c56293162f398af83b40cfe
-
Filesize
25KB
MD5ef00c17ee9f648b3a8fd94da0ca922a0
SHA1c8e5a808e740597542c9fe6c7385aadff65852b1
SHA25668c98fdbd459b39b0e3d3413823773f6e87f8d5afb0cc5e2dc5e6282cdeddebb
SHA512a34f37f6e7b6c32387847f6bbd22c4bcecb41a83e7335a553f12711307e086fbf2f0e2af44554bfc94f81ab18408ad24e59c30baea7f06d507bf61e736e746fa
-
Filesize
4KB
-
Filesize
56KB
-
Filesize
56KB
-
Filesize
4KB
-
Filesize
44KB
-
Filesize
64KB
-
Filesize
1024KB
-
Filesize
64KB
-
Filesize
44KB