Analysis
max time kernel: 118s
max time network: 121s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 23/01/2024, 17:26

Behavioral task behavioral1
Sample: 1.pub
Resource: win7-20231215-en
4 signatures
150 seconds

Behavioral task behavioral2
Sample: 1.pub
Resource: win10v2004-20231215-en
3 signatures
150 seconds

General
Target: 1.pub
Size: 167KB
MD5: a7f1887efd58b55cbf87ee18539e8eee
SHA1: 846cdf1edb2b3effbdedd068e26d6832f63ea7e7
SHA256: 115fa0b837ce6b5d16c77212e8a694aaa2ea96c6030876c081749302c5bcb2d7
SHA512: ddc8d088276a16c217e7c913bc1dadbb4e76d57798db237bd31de85172ff465a9f212e032fa4a54ff18950af72f6148df9c8c8d08b40e080433afd8f8f9eee59
SSDEEP: 768:c7P3Lo3NB/LHix26MeX4odogwgi4oVQYHgb2BLIiZmmmmmmm4PGJ8HUADIiqjW6m:AoL/LHix26UoGbgi4JkFIlmUWgW
Score: 4/10

Malware Config
Signatures

Drops file in Windows directory 1 IoCs

| description | ioc | Process |
| --- | --- | --- |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | MSPUB.EXE |

Modifies Internet Explorer settings

| description | ioc | Process |
| --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\MenuExt | MSPUB.EXE |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" | MSPUB.EXE |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" | MSPUB.EXE |
| Key created | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel | MSPUB.EXE |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" | MSPUB.EXE |
| Key created | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar | MSPUB.EXE |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" | MSPUB.EXE |
| Key created | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote | MSPUB.EXE |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55" | MSPUB.EXE |

Suspicious use of SetWindowsHookEx 4 IoCs

| pid | Process |
| --- | --- |
| 2076 | MSPUB.EXE |
| 2076 | MSPUB.EXE |
| 2076 | MSPUB.EXE |
| 2076 | MSPUB.EXE |

Suspicious use of WriteProcessMemory 4 IoCs

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 2076 wrote to memory of 604 | 2076 | MSPUB.EXE | 29 |
| PID 2076 wrote to memory of 604 | 2076 | MSPUB.EXE | 29 |
| PID 2076 wrote to memory of 604 | 2076 | MSPUB.EXE | 29 |
| PID 2076 wrote to memory of 604 | 2076 | MSPUB.EXE | 29 |

Processes

- C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE (PID: 2076)
  Command line: "C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE" C:\Users\Admin\AppData\Local\Temp\1.pub
  - Drops file in Windows directory
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Windows\splwow64.exe (PID: 604)
    Command line: C:\Windows\splwow64.exe 12288