e42bebb9fcc1905e26b469ddf4b171621904415bf26467d4857e06f2fd18c8e0

Analysis

max time kernel
1s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2024, 01:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

426df310b1e03c20e9b66358e8272875.rtf
Size

213KB
MD5

426df310b1e03c20e9b66358e8272875
SHA1

0fb84b64eb80ce56c45fec46bdc5fdac47e0248b
SHA256

e42bebb9fcc1905e26b469ddf4b171621904415bf26467d4857e06f2fd18c8e0
SHA512

cda69d9a77374456f6e71ca848e49385836f2352dcd16df1d60fe686f02b70d6e12d438ecca3c24665132c4ca4587f0e03ac8e5d5957e07ba94c37695187d85f
SSDEEP

1536:Uk3F/uWU3D/qO0bi49dIxOSnxFQjx4XZ7mmhL2qQJBpqQur4r5Ly+SCxSHRW2HNa:UO/uWUekHnxSjCLhqRJjN8tA9

Score

6^/10

Malware Config

Signatures

Process spawned suspicious child process 1 IoCs

This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

description	pid	pid_target	Process	procid_target
Parent C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE is not expected to spawn this process	3228	3512	DW20.EXE	16

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\426df310b1e03c20e9b66358e8272875.rtf" /o ""
1⤵
PID:3512
- C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE
  "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE" -x -s 2340
  2⤵
  - Process spawned suspicious child process
  PID:3228
- - C:\Windows\system32\dwwin.exe
    C:\Windows\system32\dwwin.exe -x -s 2340
    3⤵
    PID:3184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3228-23-0x00007FFFB2B10000-0x00007FFFB2D05000-memory.dmp

Filesize
2.0MB

Download
memory/3228-36-0x00007FFF72B90000-0x00007FFF72BA0000-memory.dmp

Filesize
64KB

Download
memory/3228-37-0x00007FFF72B90000-0x00007FFF72BA0000-memory.dmp

Filesize
64KB

Download
memory/3228-38-0x00007FFF72B90000-0x00007FFF72BA0000-memory.dmp

Filesize
64KB

Download
memory/3228-39-0x00007FFF72B90000-0x00007FFF72BA0000-memory.dmp

Filesize
64KB

Download
memory/3228-40-0x00007FFFB2B10000-0x00007FFFB2D05000-memory.dmp

Filesize
2.0MB

Download
memory/3228-25-0x00007FFFB2B10000-0x00007FFFB2D05000-memory.dmp

Filesize
2.0MB

Download
memory/3228-27-0x00007FFFB2B10000-0x00007FFFB2D05000-memory.dmp

Filesize
2.0MB

Download
memory/3228-29-0x00007FFFB2B10000-0x00007FFFB2D05000-memory.dmp

Filesize
2.0MB

Download
memory/3228-28-0x00007FFFB2B10000-0x00007FFFB2D05000-memory.dmp

Filesize
2.0MB

Download
memory/3228-21-0x00007FFFB2B10000-0x00007FFFB2D05000-memory.dmp

Filesize
2.0MB

Download
memory/3512-15-0x00007FFFB2B10000-0x00007FFFB2D05000-memory.dmp

Filesize
2.0MB

Download
memory/3512-16-0x00007FFFB2B10000-0x00007FFFB2D05000-memory.dmp

Filesize
2.0MB

Download
memory/3512-6-0x00007FFFB2B10000-0x00007FFFB2D05000-memory.dmp

Filesize
2.0MB

Download
memory/3512-5-0x00007FFF72B90000-0x00007FFF72BA0000-memory.dmp

Filesize
64KB

Download
memory/3512-18-0x00007FFF707B0000-0x00007FFF707C0000-memory.dmp

Filesize
64KB

Download
memory/3512-3-0x00007FFF72B90000-0x00007FFF72BA0000-memory.dmp

Filesize
64KB

Download
memory/3512-12-0x00007FFFB2B10000-0x00007FFFB2D05000-memory.dmp

Filesize
2.0MB

Download
memory/3512-14-0x00007FFF707B0000-0x00007FFF707C0000-memory.dmp

Filesize
64KB

Download
memory/3512-17-0x00007FFFB2B10000-0x00007FFFB2D05000-memory.dmp

Filesize
2.0MB

Download
memory/3512-10-0x00007FFFB2B10000-0x00007FFFB2D05000-memory.dmp

Filesize
2.0MB

Download
memory/3512-0-0x00007FFF72B90000-0x00007FFF72BA0000-memory.dmp

Filesize
64KB

Download
memory/3512-13-0x00007FFFB2B10000-0x00007FFFB2D05000-memory.dmp

Filesize
2.0MB

Download
memory/3512-2-0x00007FFF72B90000-0x00007FFF72BA0000-memory.dmp

Filesize
64KB

Download
memory/3512-1-0x00007FFF72B90000-0x00007FFF72BA0000-memory.dmp

Filesize
64KB

Download
memory/3512-11-0x00007FFFB2B10000-0x00007FFFB2D05000-memory.dmp

Filesize
2.0MB

Download
memory/3512-9-0x00007FFFB2B10000-0x00007FFFB2D05000-memory.dmp

Filesize
2.0MB

Download
memory/3512-8-0x00007FFFB2B10000-0x00007FFFB2D05000-memory.dmp

Filesize
2.0MB

Download
memory/3512-7-0x00007FFFB2B10000-0x00007FFFB2D05000-memory.dmp

Filesize
2.0MB

Download
memory/3512-4-0x00007FFFB2B10000-0x00007FFFB2D05000-memory.dmp

Filesize
2.0MB

Download
memory/3512-41-0x00007FFFB2B10000-0x00007FFFB2D05000-memory.dmp

Filesize
2.0MB

Download