Overview

overview

8

Static

static

8

96531aa92f...ac.doc

windows7-x64

7

96531aa92f...ac.doc

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    12/02/2024, 05:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    96531aa92fea384f3764c32979dd04ac.doc

  • Size

    41KB

  • MD5

    96531aa92fea384f3764c32979dd04ac

  • SHA1

    b74714618cbcbd5832d5924c76a3743c57ac57f9

  • SHA256

    f839a54f9b34610b91a1228de033fee3b510bcb35684c692acdfb8f9399a9b53

  • SHA512

    478357c39bd29d802b3fa0e15c0d0c3fce0f5d04aee6d3147cd97380c18666d5c4187b8335a473d4a2cbd86499b62df260314179a06bc7dd816c1210d81fe8d6

  • SSDEEP

    384:lcxbjuWOm2EuCqzRsvGuX2yD2DLns56FVNeE5O/SBVHXaaw0xAtFGBH:lcxbjHOmz4zR42vsQRcK2f0xK4H

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\96531aa92fea384f3764c32979dd04ac.doc"
    1⤵
    • Deletes itself
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • NTFS ADS
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: RenamesItself
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1752
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:580

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\96531aa92fea384f3764c32979dd04ac.doc
      Filesize

      54KB

      MD5

      e5b05db158957b4f1f6bbd4eaf5bb651

      SHA1

      bccb0ea3513da5724128c010bf67e6b9aea308e8

      SHA256

      b9093da29faa1bcf3ab88ba7817b836a33c9cdd198f8f7338721bfe12ee94f28

      SHA512

      56bc67f3e94ce58aa28de9f0460f1fb48ce0d6b1a72ef1a3f543a2d57a55645279a0c0e741e477ce5278ec218433016dcc587f39540a28e90aa1d8e6d1b59fec

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\VB6A68.tmp
      Filesize

      8KB

      MD5

      5a9583a46298dab96c11d14020f68454

      SHA1

      3708a58a12b637e2236f48a4bd170670ad120fa6

      SHA256

      66573ff2d4a95363bae5ea05cdd51859275fb842c81a281e2844799113c18bc9

      SHA512

      562e3896f208e159482dad3dfa1b5da58e6b0498ab7e2f91e5d2febe560ac8074798c05f323a8b550affbd0e700fbb41d95724ec6899c08257ccdf4da487118a

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
      Filesize

      33KB

      MD5

      c268143a0e579fcac0948ce5e9210091

      SHA1

      bedd5f9d828d3edb7f2bc57175d8d2bfc2be91ee

      SHA256

      11d8aeacf6b6ac73e5e60605997cf9e119a338b37d70947eb688c58b097920dd

      SHA512

      50a51ad508fd7e21c2248076a0fd83178dcfbc5ae0d68eb73a1718afa08b3072cca7fc337102a803ce613fbbe09061328813bc9d144637a7bb24e7d49a75bee7

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
      Filesize

      33KB

      MD5

      6c38880b55a8b9e3bc06dcc076044a47

      SHA1

      692e60e89f7fd064b2081212094ad7f0ab94c758

      SHA256

      5670e0583fafe75d74cc9b98cef57f6e6563cb1e3a00a836d76518f7b6ccb4b6

      SHA512

      578ac25f9ea479da5acc8fd833c2594037f715630ad8ed2ccd815375137c5f3c0c2c4f82b44e6b2bd7a66f59230d486dc1e506ef404207844565c450947711ef

      Download Submit

    • memory/1752-30-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-35-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-9-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-10-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-11-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-34-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-15-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-16-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-12-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-13-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-17-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-18-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-19-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-22-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-23-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-25-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-0-0x000000002F811000-0x000000002F812000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1752-31-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-8-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-33-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-14-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-38-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-39-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-36-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-41-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-42-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-43-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-32-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-7-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-62-0x000000007167D000-0x0000000071688000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1752-63-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-64-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-76-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-6-0x00000000006E0000-0x00000000007E0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1752-2-0x000000007167D000-0x0000000071688000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1752-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1752-134-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download