Overview

overview

10

Static

static

10

Challenge_...m.docx

windows7-x64

4

Challenge_...m.docx

windows10-2004-x64

1

Challenge_...1.docx

windows7-x64

4

Challenge_...1.docx

windows10-2004-x64

1

Challenge_...y.docx

windows7-x64

4

Challenge_...y.docx

windows10-2004-x64

1

Challenge_...1.docx

windows7-x64

4

Challenge_...1.docx

windows10-2004-x64

1

tools/numb...ing.py

ubuntu-18.04-amd64

1

tools/numb...ing.py

debian-9-armhf

1

tools/numb...ing.py

debian-9-mips

1

tools/numb...ing.py

debian-9-mipsel

1

oledump.py

ubuntu-18.04-amd64

1

oledump.py

debian-9-armhf

1

oledump.py

debian-9-mips

1

oledump.py

debian-9-mipsel

1

plugin_biff.py

ubuntu-18.04-amd64

1

plugin_biff.py

debian-9-armhf

1

plugin_biff.py

debian-9-mips

1

plugin_biff.py

debian-9-mipsel

1

plugin_clsid.py

ubuntu-18.04-amd64

1

plugin_clsid.py

debian-9-armhf

1

plugin_clsid.py

debian-9-mips

1

plugin_clsid.py

debian-9-mipsel

1

plugin_dridex.py

ubuntu-18.04-amd64

1

plugin_dridex.py

debian-9-armhf

1

plugin_dridex.py

debian-9-mips

1

plugin_dridex.py

debian-9-mipsel

1

plugin_hifo.py

ubuntu-18.04-amd64

1

plugin_hifo.py

debian-9-armhf

1

plugin_hifo.py

debian-9-mips

1

plugin_hifo.py

debian-9-mipsel

1

Analysis

  • max time kernel
    130s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    17-02-2024 23:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Challenge_FIles/Employees_Contact_Audit_Oct_2021.docx

  • Size

    12KB

  • MD5

    d5742309ba8146be9eab4396fde77e4e

  • SHA1

    8aaa79ee4a81d02e1023a03aee62a47162a9ff04

  • SHA256

    ed2b9e22aef3e545814519151528b2d11a5e73d1b2119c067e672b653ab6855a

  • SHA512

    37367ea06191c8a949f6c092bc4137736b344cc9892bf8a19e149557919d9276fb1301009a700cede0f2ca05d6827c827992817aee7b8968a5429e433fe0c8ba

  • SSDEEP

    192:60L6GkWglL+bzW6mlHRrZu87Fym3tZknRIhRHNwC3Eo+ETdlexwDvx/jVm9CoDFn:603kpLTZJHm+Eo+ETd4weCoDFLFd

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
    adwarespyware
  • NTFS ADS 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Challenge_FIles\Employees_Contact_Audit_Oct_2021.docx"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • NTFS ADS
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2252

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{C0717636-4CA0-44C4-A707-0F40EB748497}.FSD
    Filesize

    128KB

    MD5

    1b5181125d341f81d50c1a1d9aecb186

    SHA1

    4735151f6023a553971e0d07e36472e5eb7edcf7

    SHA256

    7b3db3db8a0e65cbb8840138c61c2b2bea9f9b4b3296ab3cba72a7b004941396

    SHA512

    4c98820340e4db195959f3b4466ab97321dacc19c7d1363550cc6bef1a5f7f2169369f2738bbfdde66011223e4d820b0c6e293ea53aeb38627d31ea20a513d11

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
    Filesize

    128KB

    MD5

    e2a0df244ef25aa7b77423f2656b8124

    SHA1

    55a3bf75854ca360df528a0b98ef63d7c121239e

    SHA256

    64e509e34ddd1508af27a15e9da36a4d1d315d3f4a56094396eb7958be34149e

    SHA512

    fb004cf8135c7d290b146cccf5ea07501afccb3836eda9e6b21b7f19cb0d0583d54ddf04b2fbeef69dec0066c4ad6ab7f5adadaf14a170962bc81cbe92cd2ed7

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{A4E7CCC1-9AA4-42BD-A627-00F5147888C2}.FSD
    Filesize

    128KB

    MD5

    4f67448428efbeb5d6ad8bcd1fc95323

    SHA1

    8054f9901cd19ff0bcfcef64a00cb206480c5b81

    SHA256

    d43b7a11a06c25ccf1598ddeaef7b800c31f783b30ab208344243086094b4219

    SHA512

    03f1c3935b347bdfd2aff044967fa41365d34c18a5032134f66351a437df0c62f5b9e4b4f3f4829bed813537f453f0e480af3d565d70042cc1a0c5b1f09174ad

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{A327D4DE-D5F5-4BF6-BB9D-0D1492E24467}
    Filesize

    128KB

    MD5

    efe1d57222019bf978756d3cae99f772

    SHA1

    7d9bccbaf2c343dd4ba777025bba74d197c3cdb0

    SHA256

    0f8390c90d4108886fb555ccde42250a86711f85f9427fc6e42cefa789d72963

    SHA512

    e72db3849542cecaab2fc534f3fe5a54ea941a61c5149f612981e8b2465fac5c6c25f4f2b90e6d3abe6956a630bd561691005475e4a142d363dcc5bf2b8447e1

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
    Filesize

    20KB

    MD5

    fd4badea8f427853ae83cf96065eae20

    SHA1

    f41051962d1ff11bb7fe2af94e3c1cf652eef82e

    SHA256

    37125b372bf03df81d2dbf4a5d37d05e56604fc930015390574317582f5305da

    SHA512

    4c4c94fb69641e209b9ff9dd45e1334c5c76fc6bfee916579cd397f60776c87b6b31b4cce55e040c89e66578abb65c42a2b93eb3198f83f8d799e40dbcd3f67e

    Download Submit

  • memory/2252-0-0x000000002FB91000-0x000000002FB92000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2252-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2252-2-0x000000007114D000-0x0000000071158000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2252-10-0x000000007114D000-0x0000000071158000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2252-91-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2252-94-0x000000007114D000-0x0000000071158000-memory.dmp

    Filesize

    44KB

    Download