Analysis

  • max time kernel: 122s
  • max time network: 126s
  • platform: windows7_x64
  • resource: win7-20240221-en
  • resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted: 10/04/2024, 09:32

General

  • Target: 0d01b24f7666f9bccf0f16ea97e41e0bc26f4c49cdfb7a4dabcc0a494b44ec9b.doc
  • Size: 2.3MB
  • MD5: 3f326da2affb0f7f2a4c5c95ffc660cc
  • SHA1: f38abb67d47a4f69536ae67aa9c6df7287c08869
  • SHA256: 0d01b24f7666f9bccf0f16ea97e41e0bc26f4c49cdfb7a4dabcc0a494b44ec9b
  • SHA512: 83b322f899801920604457910c262500490f518591d9d0eefaccec59db98b546c76cfc4c1ac7f2fb08253b1201d76c5d6eaf5600a6d3793c4f3cba16c1f8cd18
  • SSDEEP: 24576:uguUgXlNGKIZyltJSR3PlRiBwlvQn5tNXw9OSTwbB3UGIpVoR1sLAXI3TYF+PXyx:unUgQWtIBlR7vQN3dBMRUXIDkCy

Score: 6/10

Malware Config

Signatures

  • Process spawned suspicious child process 1 IoCs

    This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\0d01b24f7666f9bccf0f16ea97e41e0bc26f4c49cdfb7a4dabcc0a494b44ec9b.doc"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2248
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2052
      • C:\PROGRA~2\COMMON~1\MICROS~1\DW\DW20.EXE
        "C:\PROGRA~2\COMMON~1\MICROS~1\DW\DW20.EXE" -x -s 1328
        2⤵
        • Process spawned suspicious child process
        • Suspicious use of WriteProcessMemory
        PID:1516
        • C:\Windows\SysWOW64\dwwin.exe
          C:\Windows\system32\dwwin.exe -x -s 1328
          3⤵
            PID:2596

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\31F37FEB.wmf
    Filesize: 316B
    MD5: fe97064665ebe15dd56dde1edd2df969
    SHA1: fc1133b9d239822dc7e52d48b242dc5dedd3393f
    SHA256: b7f0b658e073b348819687bef0a3971ceab0f29c4c405eb650936f32420cd0d8
    SHA512: 5b81d88df4a0627d51ce5b0cd3852b4a16299f099026d998763ea374b9f4a5b877faf25c5be1d9ccfb3223f079b382a027a99d82f862607e4455f7bb3fd365b7

  • C:\Users\Admin\AppData\Local\Temp\259428586.cvr
    Filesize: 1KB
    MD5: c084bc06b1b4238191f6cc43381f50b5
    SHA1: 567d4b270e34a5c645d34a43f6f23b8a6d73dfdd
    SHA256: 764d34e5643b3e6842bd7dfa2d3938be30132d23f9c0f6824b3f2f3c1433e82b
    SHA512: 6df80127b1984652f4c2c9f5a10c6e44f70944d6753ded1497a9d91ec5d66e0ee0dbe980f9cd976d601a1a1ce3c23e98092db14710015d9ea8325625ba088a6a

  • memory/2248-83-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-80-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-2-0x0000000070FDD000-0x0000000070FE8000-memory.dmp (Filesize: 44KB)
  • memory/2248-22-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-23-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-27-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-28-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-30-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-32-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-31-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-35-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-42-0x00000000063E0000-0x00000000064E0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-43-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-50-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-52-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-51-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-54-0x00000000063E0000-0x00000000064E0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-53-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-49-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-56-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-57-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-48-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-59-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-67-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-72-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-73-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-76-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-75-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-77-0x000000006AE80000-0x000000006B0E7000-memory.dmp (Filesize: 2.4MB)
  • memory/2248-84-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-7-0x00000000056E0000-0x00000000057E0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-0-0x000000002FC51000-0x000000002FC52000-memory.dmp (Filesize: 4KB)
  • memory/2248-68-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-82-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-79-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-78-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-74-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-71-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-69-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-1-0x000000005FFF0000-0x0000000060000000-memory.dmp (Filesize: 64KB)
  • memory/2248-81-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-66-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-65-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-64-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-63-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-62-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-94-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-61-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-58-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-47-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-46-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-45-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-36-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-34-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-33-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-29-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-26-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-24-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-25-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-88-0x0000000070FDD000-0x0000000070FE8000-memory.dmp (Filesize: 44KB)
  • memory/2248-89-0x00000000056E0000-0x00000000057E0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-90-0x00000000006B0000-0x00000000007B0000-memory.dmp (Filesize: 1024KB)
  • memory/2248-91-0x00000000063E0000-0x00000000064E0000-memory.dmp (Filesize: 1024KB)
  • memory/2596-87-0x0000000000330000-0x0000000000331000-memory.dmp (Filesize: 4KB)