Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-01-2024 17:12

General

  • Target
    DHL-LHER0006981753.docx
  • Size
    30KB
  • MD5
    03cbc5e4108df2ef09177dcd3821f1f0
  • SHA1
    ab408a500d69b96f934325da1b903c0c6d171a37
  • SHA256
    bf5f7e0398d78184a6efa2368b9faad3a45b5fa69767d36f02dd9ab7d5c419ce
  • SHA512
    1950c7903e8a83408fdfefdac353dc193f7903f0a66b49bb30bfa2f3d08761a6508c833d4e820a5d7b8d260944ebac702c0567e8fc45473ae08c0cc0b16d66da
  • SSDEEP
    768:GhnTgmuFze6jgomfsRYKiAMx9Xg0mpOSqwCot:wV+66rCYYek9XmZ/

Score
7/10

Malware Config

Signatures

  • Abuses OpenXML format to download file from external location
  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\DHL-LHER0006981753.docx"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:1772

    Network

    MITRE ATT&CK Enterprise v15


    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{121B88B7-84F0-4BCA-AFFF-29C1FDC4D04A}.FSD
      Filesize
      128KB
      MD5
      3ad4ebd3d7484c576ec791beb9324012
      SHA1
      6bc15c429b1a7a6706fd612e45bb6efb1d45e782
      SHA256
      6cb7c604d5caf8474ddf17e3b1b2f99f2f82c57af03ab96df60d966e74460fad
      SHA512
      04fdbb2252a2441117cde0614207a42ee24aea21bb2fa307352b838b81534bad50f56bffa4cff4c5998c827e96b7afd5ac8b88aefbd1fc34a49b897c9aae7e9c

    • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{6255D7C5-4D97-404D-BC68-FE0F07822975}.FSD
      Filesize
      128KB
      MD5
      f75fa40bfbd3c29935524a1a95876ff8
      SHA1
      7b326570d4768b7baa43272ad21fa84e9cd66f28
      SHA256
      36b75adb229446fa9ee061392bef9fbb114537e9247b506c48fbb0a741848925
      SHA512
      4d22e88a3a2fb88ca5ab4883198f6c3a9a1ebe29a70a8ba69482493649787ea063efbff3772e0eb32146c4888774582ce21700df75bfd01f0431a55f5bb357fc

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGM5U0T3\dyown[1].htm
      Filesize
      1KB
      MD5
      c4925ee6b89dbf6ab22f21c99771b965
      SHA1
      eb07b7a3c0fad742d476bb907fadc300c04a9d82
      SHA256
      fb62496c0a349b58a6ac773f8065fa33b3f1548bfc3589c47b3adbb7c9c19d55
      SHA512
      abb99f2f8bea0b34beda6eeaef90aa34d88f604b5ae3a2926b1f38356e623e84f62f7a2c0973e08af268891bd90c0bdc766c2a6008ae96f5ca980d3854481cf1

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\353D2AB5.wmf
      Filesize
      642B
      MD5
      4f03b86e4d6631c26ff5fffc7332be1d
      SHA1
      14952a78ea51df67d5b5b6c6b4de3d96ba7935bd
      SHA256
      83f4ea26254d69825486bffd1d400217aac7245c5c48fe5acc3ccdea173c4851
      SHA512
      4bed29b66444d826e89589b55dd786758ff68fcd2daf8296703d4443edb991fffce563e20db22bfb34fdb488638bbb43252392b6c105d12e721329adc2774632

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6033B010.wmf
      Filesize
      370B
      MD5
      271d85431b6b680813e35000305ddd89
      SHA1
      b943a11edf9612f9feca7d91985afb473191ebc5
      SHA256
      041186bc3112af22e8608a6db5ffbc11ea061eb66aa095d902bf2e30d482c032
      SHA512
      700308335934104e86fe47c8dbcb0b7d9e1864b1c8acd524505258440bb2d2734696a03447d8f0822e042c3156b6e0b580dfc2f36342f2e5d946a32773268b19

    • C:\Users\Admin\AppData\Local\Temp\{663E1CA0-4CD2-40E1-ABB6-744AEA65C95F}
      Filesize
      128KB
      MD5
      b73c44ed29b826a722a368fe0b79eb22
      SHA1
      e569b839a4183f1520ac5c3acea4d7d9c93ccc4f
      SHA256
      13094583b98aae5a65981a49cf1a6f3f32e2a2c329b1bcc5abfe5d2e147189f8
      SHA512
      8a2f223b35bbdd7390b64263002cb1665eacf3044e993cbda48ca0d4992cc96b17caffe70a003364624c0de9e7f1a58416cc5c7bb396d276fe2d8ba84a757716

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
      Filesize
      20KB
      MD5
      6d846dfdaf8b8c680cbf59e6f349c218
      SHA1
      a5137ef8cd19f849b0670dc754c4df242296e03d
      SHA256
      2687868d93290697539caf867cd3c69de8fa19e7b4f046b1b6d169ae2de5fa93
      SHA512
      6cd3752e4fca5498f35081c08f5342c3d04714e54fac6a1fc8b6692f86904b3c58e587cf38c4841cb4186ab27abd28a7e8c2434adbd43024235b3dc7f31c2003

    • memory/2032-2-0x000000007140D000-0x0000000071418000-memory.dmp
      Filesize
      44KB

    • memory/2032-1-0x000000005FFF0000-0x0000000060000000-memory.dmp
      Filesize
      64KB

    • memory/2032-113-0x0000000007290000-0x0000000007390000-memory.dmp
      Filesize
      1024KB

    • memory/2032-0-0x000000002F991000-0x000000002F992000-memory.dmp
      Filesize
      4KB

    • memory/2032-137-0x000000007140D000-0x0000000071418000-memory.dmp
      Filesize
      44KB

    • memory/2032-160-0x000000005FFF0000-0x0000000060000000-memory.dmp
      Filesize
      64KB

    • memory/2032-167-0x000000007140D000-0x0000000071418000-memory.dmp
      Filesize
      44KB