Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/04/2024, 10:03

General

  • Target

    28de2ccff30a4f198670b66b6f9a0ce5f5f9b7f889c2f5e6a4e365dea1c89d53.dotm

  • Size

    32KB

  • MD5

    bdf188b3d0939ec837987b4936b19570

  • SHA1

    aba938bf8dc5445df3d5b77a42db4d6643db4383

  • SHA256

    28de2ccff30a4f198670b66b6f9a0ce5f5f9b7f889c2f5e6a4e365dea1c89d53

  • SHA512

    63b39390bd9702fa01e8d2ac63d63d37545547c0abf2c6403cd11e329d546716f313cb8e1f2a167ffd1ebd2cf56a205423359270563a19deaf9b167a3691c5ac

  • SSDEEP

    768:DiehqsoMCWBJ9B23vxllNuLWlX9Ymzj+3BaVk7oXaFa4:Di9soc5B0vB9t9YWSBaUoXaQ4

Score
7/10

Malware Config

Signatures

  • Deletes itself (1 IoCs)
  • Drops file in Windows directory (1 IoCs)
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings (1 TTPs, 31 IoCs)
  • Modifies registry class (64 IoCs)
  • NTFS ADS (2 IoCs)
  • Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  • Suspicious behavior: RenamesItself (1 IoCs)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\28de2ccff30a4f198670b66b6f9a0ce5f5f9b7f889c2f5e6a4e365dea1c89d53.dotm"
    1⤵
    • Deletes itself
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • NTFS ADS
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: RenamesItself
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2916
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2444
    • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
      "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2784

    Network

          MITRE ATT&CK Enterprise v15

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\28de2ccff30a4f198670b66b6f9a0ce5f5f9b7f889c2f5e6a4e365dea1c89d53.dotm

            Filesize

            45KB

            MD5

            0bd3d6e8d36b42cd0d772b5b1cc6dd15

            SHA1

            0be5826ccdf3ff4ff92dea7586332ea6f50228e6

            SHA256

            18c1d4f2781f98a0ae9131dedee10accff8061732056a319e89a629d19517be1

            SHA512

            931bbcfe66f89a49261c9590cf641739e809d5c430fc1daa5fd29b99c0daba154e0ea47d9d28c2282cd9f42492dde77339f4461bd79edb8dc03b8b024133724c

          • C:\Users\Admin\AppData\Roaming\Microsoft\Office\MSO1033.acl

            Filesize

            36KB

            MD5

            0daab2b91315a8859daee807fb1d0a8d

            SHA1

            116cb5aac03402a3babbb443cb173c99b6f04525

            SHA256

            c992eec5f5c6905b3d269347333af7b0940e0b1e0fc0d414b82e3e7317b070c6

            SHA512

            0fc9b891940533f2c9f49294e13a47fe5785ed1a889aa0f3afddf8471216304a8d2d6699d536a867cc2861e274aca2a4450e3f94138901bd344efb9f7bdea332

          • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

            Filesize

            55B

            MD5

            b04fd3884038b13390e7a065db5af8e8

            SHA1

            77766abc66b4466c2bbbf7c95ffce8e88888cb2a

            SHA256

            dbfc917519388f434307e61f1e03c6d76817d90ff746217f0f9c06858c3c3650

            SHA512

            a1739f2774f4bb11335eaec921a76736a0f5ec3a98c04fbf0777e902c07c640bc90f4806710d12e34f9f51d855044f007a1519f779eaf1754e533134b2a0e8e4

          • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm

            Filesize

            20KB

            MD5

            2613e069bd1a26cd5d0c51b8bda2d65a

            SHA1

            e2bc0cd8d6aac818d5f7f2c1b64dd261104b4acf

            SHA256

            c4f0afb2912b889570837d8f030b2887f31426dd7f1034d4329d91ccbf591a7a

            SHA512

            059bd0a45c1b76c1781dfbd7c458aadd8d7ee37639885137f499e3d777852d4c6b4814012acd614853220356b9ef30a52b7c1e5ae58d754d3d1289e4e7f102d2

          • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

            Filesize

            2B

            MD5

            f3b25701fe362ec84616a93a45ce9998

            SHA1

            d62636d8caec13f04e28442a0a6fa1afeb024bbb

            SHA256

            b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

            SHA512

            98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

          • memory/2784-86-0x0000000000550000-0x0000000000650000-memory.dmp

            Filesize

            1024KB

          • memory/2784-56-0x000000002F781000-0x000000002F782000-memory.dmp

            Filesize

            4KB

          • memory/2784-153-0x0000000070E3D000-0x0000000070E48000-memory.dmp

            Filesize

            44KB

          • memory/2784-113-0x0000000000550000-0x0000000000650000-memory.dmp

            Filesize

            1024KB

          • memory/2784-101-0x0000000070E3D000-0x0000000070E48000-memory.dmp

            Filesize

            44KB

          • memory/2784-100-0x0000000000550000-0x0000000000650000-memory.dmp

            Filesize

            1024KB

          • memory/2784-99-0x0000000000550000-0x0000000000650000-memory.dmp

            Filesize

            1024KB

          • memory/2784-96-0x0000000000550000-0x0000000000650000-memory.dmp

            Filesize

            1024KB

          • memory/2784-93-0x0000000000550000-0x0000000000650000-memory.dmp

            Filesize

            1024KB

          • memory/2784-94-0x0000000000550000-0x0000000000650000-memory.dmp

            Filesize

            1024KB

          • memory/2784-92-0x0000000000550000-0x0000000000650000-memory.dmp

            Filesize

            1024KB

          • memory/2784-91-0x0000000000550000-0x0000000000650000-memory.dmp

            Filesize

            1024KB

          • memory/2784-90-0x0000000000550000-0x0000000000650000-memory.dmp

            Filesize

            1024KB

          • memory/2784-89-0x0000000000550000-0x0000000000650000-memory.dmp

            Filesize

            1024KB

          • memory/2784-88-0x0000000000550000-0x0000000000650000-memory.dmp

            Filesize

            1024KB

          • memory/2784-87-0x0000000000550000-0x0000000000650000-memory.dmp

            Filesize

            1024KB

          • memory/2784-85-0x0000000000550000-0x0000000000650000-memory.dmp

            Filesize

            1024KB

          • memory/2784-83-0x0000000000550000-0x0000000000650000-memory.dmp

            Filesize

            1024KB

          • memory/2784-84-0x0000000000550000-0x0000000000650000-memory.dmp

            Filesize

            1024KB

          • memory/2784-82-0x0000000000550000-0x0000000000650000-memory.dmp

            Filesize

            1024KB

          • memory/2784-79-0x0000000000550000-0x0000000000650000-memory.dmp

            Filesize

            1024KB

          • memory/2784-75-0x0000000000550000-0x0000000000650000-memory.dmp

            Filesize

            1024KB

          • memory/2784-76-0x0000000000550000-0x0000000000650000-memory.dmp

            Filesize

            1024KB

          • memory/2784-74-0x0000000000550000-0x0000000000650000-memory.dmp

            Filesize

            1024KB

          • memory/2784-73-0x0000000000550000-0x0000000000650000-memory.dmp

            Filesize

            1024KB

          • memory/2784-72-0x0000000000550000-0x0000000000650000-memory.dmp

            Filesize

            1024KB

          • memory/2784-58-0x0000000070E3D000-0x0000000070E48000-memory.dmp

            Filesize

            44KB

          • memory/2916-29-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-27-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-47-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-49-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-50-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-52-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-53-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-54-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-51-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-30-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-33-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-25-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-66-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-35-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-65-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-69-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-70-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-71-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-68-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-36-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-67-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-34-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-31-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-32-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-77-0x0000000070E3D000-0x0000000070E48000-memory.dmp

            Filesize

            44KB

          • memory/2916-11-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-80-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-9-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-28-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-26-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-8-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-0-0x000000002F781000-0x000000002F782000-memory.dmp

            Filesize

            4KB

          • memory/2916-24-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-23-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-21-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-14-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-19-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-20-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-18-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-16-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-17-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-15-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-13-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-6-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-103-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-12-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-114-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-7-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-10-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-2-0x0000000070E3D000-0x0000000070E48000-memory.dmp

            Filesize

            44KB

          • memory/2916-162-0x00000000004C0000-0x00000000005C0000-memory.dmp

            Filesize

            1024KB

          • memory/2916-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

            Filesize

            64KB

          • memory/2916-185-0x0000000070E3D000-0x0000000070E48000-memory.dmp

            Filesize

            44KB