a5de6df9430d1b9e900b43facc523353d98c46343fc8a7817f3d83297bc10d06

Analysis

max time kernel
0s
max time network
62s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09-01-2024 18:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eadb63568de96f6f86bffc03b17ac4a2.rtf
Size

112KB
MD5

eadb63568de96f6f86bffc03b17ac4a2
SHA1

c8c37b217c68e79045627f7a490cbc2dc6550eb8
SHA256

a5de6df9430d1b9e900b43facc523353d98c46343fc8a7817f3d83297bc10d06
SHA512

b3e032b45526af1b158ff34400afa696d04bd1beed90f888ecef1ca7763df170be1c04f0feccf90bffd34560902d2749e8ba0def48fa32263d92ad593c920b0d
SSDEEP

1536:BQ5FZmoQ88R0ItukN+6wq1iiw/uoZ2IDE62mTimURiY2wv5u+7DtQjTa/Jh/GfNk:BYa7R0IQkNzoiw/H8grJPw

Score

10^/10

Malware Config

Signatures

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE is not expected to spawn this process	1920	1500	FLTLDR.EXE	14

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\eadb63568de96f6f86bffc03b17ac4a2.rtf" /o ""
1⤵
PID:1500
- C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\FLTLDR.EXE
  "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\FLTLDR.EXE" C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT
  2⤵
  - Process spawned unexpected child process
  PID:1920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1500-37-0x00007FF9EA1B0000-0x00007FF9EA3A5000-memory.dmp

Filesize
2.0MB

Download
memory/1500-41-0x00007FF9EA1B0000-0x00007FF9EA3A5000-memory.dmp

Filesize
2.0MB

Download
memory/1500-5-0x00007FF9AA230000-0x00007FF9AA240000-memory.dmp

Filesize
64KB

Download
memory/1500-10-0x00007FF9EA1B0000-0x00007FF9EA3A5000-memory.dmp

Filesize
2.0MB

Download
memory/1500-63-0x00007FF9AA230000-0x00007FF9AA240000-memory.dmp

Filesize
64KB

Download
memory/1500-17-0x00007FF9EA1B0000-0x00007FF9EA3A5000-memory.dmp

Filesize
2.0MB

Download
memory/1500-18-0x00007FF9EA1B0000-0x00007FF9EA3A5000-memory.dmp

Filesize
2.0MB

Download
memory/1500-8-0x00007FF9EA1B0000-0x00007FF9EA3A5000-memory.dmp

Filesize
2.0MB

Download
memory/1500-19-0x00007FF9A7F80000-0x00007FF9A7F90000-memory.dmp

Filesize
64KB

Download
memory/1500-64-0x00007FF9AA230000-0x00007FF9AA240000-memory.dmp

Filesize
64KB

Download
memory/1500-14-0x00007FF9EA1B0000-0x00007FF9EA3A5000-memory.dmp

Filesize
2.0MB

Download
memory/1500-12-0x00007FF9EA1B0000-0x00007FF9EA3A5000-memory.dmp

Filesize
2.0MB

Download
memory/1500-11-0x00007FF9EA1B0000-0x00007FF9EA3A5000-memory.dmp

Filesize
2.0MB

Download
memory/1500-9-0x00007FF9EA1B0000-0x00007FF9EA3A5000-memory.dmp

Filesize
2.0MB

Download
memory/1500-67-0x00007FF9EA1B0000-0x00007FF9EA3A5000-memory.dmp

Filesize
2.0MB

Download
memory/1500-66-0x00007FF9AA230000-0x00007FF9AA240000-memory.dmp

Filesize
64KB

Download
memory/1500-13-0x00007FF9EA1B0000-0x00007FF9EA3A5000-memory.dmp

Filesize
2.0MB

Download
memory/1500-16-0x00007FF9A7F80000-0x00007FF9A7F90000-memory.dmp

Filesize
64KB

Download
memory/1500-15-0x00007FF9EA1B0000-0x00007FF9EA3A5000-memory.dmp

Filesize
2.0MB

Download
memory/1500-7-0x00007FF9AA230000-0x00007FF9AA240000-memory.dmp

Filesize
64KB

Download
memory/1500-6-0x00007FF9EA1B0000-0x00007FF9EA3A5000-memory.dmp

Filesize
2.0MB

Download
memory/1500-3-0x00007FF9AA230000-0x00007FF9AA240000-memory.dmp

Filesize
64KB

Download
memory/1500-2-0x00007FF9EA1B0000-0x00007FF9EA3A5000-memory.dmp

Filesize
2.0MB

Download
memory/1500-1-0x00007FF9AA230000-0x00007FF9AA240000-memory.dmp

Filesize
64KB

Download
memory/1500-0-0x00007FF9AA230000-0x00007FF9AA240000-memory.dmp

Filesize
64KB

Download
memory/1500-4-0x00007FF9EA1B0000-0x00007FF9EA3A5000-memory.dmp

Filesize
2.0MB

Download
memory/1500-42-0x00007FF9EA1B0000-0x00007FF9EA3A5000-memory.dmp

Filesize
2.0MB

Download
memory/1500-65-0x00007FF9AA230000-0x00007FF9AA240000-memory.dmp

Filesize
64KB

Download
memory/1500-68-0x00007FF9EA1B0000-0x00007FF9EA3A5000-memory.dmp

Filesize
2.0MB

Download
memory/1500-69-0x00007FF9EA1B0000-0x00007FF9EA3A5000-memory.dmp

Filesize
2.0MB

Download
memory/1920-26-0x00007FF9E7BB0000-0x00007FF9E7E79000-memory.dmp

Filesize
2.8MB

Download
memory/1920-25-0x00007FF9EA1B0000-0x00007FF9EA3A5000-memory.dmp

Filesize
2.0MB

Download
memory/1920-28-0x00007FF9EA1B0000-0x00007FF9EA3A5000-memory.dmp

Filesize
2.0MB

Download
memory/1920-27-0x00007FF9AA230000-0x00007FF9AA240000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads