Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/04/2024, 10:16

General

  • Target

    33a4655fd61e471d8956bc7681ee56a9926da91df3583b79e80cb26a14e45548.dotm

  • Size

    67KB

  • MD5

    549334edbfacd98b6c5c3154949d5b12

  • SHA1

    a17eef04cf987d16ab2f7c23f97885e6e428f500

  • SHA256

    33a4655fd61e471d8956bc7681ee56a9926da91df3583b79e80cb26a14e45548

  • SHA512

    eac1d31ec581fa694c38ecd0109e2b5ff3510bd26e45b2939b4cdb3f1d75e3b74516b4004db9a774df4739c4476262f4db92ba76768cb46fa2e8da32ffe537db

  • SSDEEP

    1536:ruTk2YSjvnD9AxoD+u9yqYjc5zZP80/qv13oteePEl+p0X+p7RFVBaIA:K9KxQH9T5FLiv13ZAnp3GIA

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\33a4655fd61e471d8956bc7681ee56a9926da91df3583b79e80cb26a14e45548.dotm"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1932
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:536

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
    Filesize
    20KB
    MD5
    d7029a899535a652558e77bd4a804df9
    SHA1
    5c0115630ea5bea8a49a8ddbba9e81c1f345ab46
    SHA256
    1872188e152dc5d4f1945efa5bc0aef892be02d4e0d2cedb56641e74c95186c2
    SHA512
    341e306aa7493d4d02fb2df80d51ce07fb19c51ee99ab56720110e393373d51306fadfbf67791ca49e2901a38769daf8b3d8d39ce7f1c1bd089e7bbe1532e240

  • memory/1932-0-0x000000002FC01000-0x000000002FC02000-memory.dmp
    Filesize
    4KB

  • memory/1932-1-0x000000005FFF0000-0x0000000060000000-memory.dmp
    Filesize
    64KB

  • memory/1932-2-0x0000000070C3D000-0x0000000070C48000-memory.dmp
    Filesize
    44KB

  • memory/1932-5-0x0000000070C3D000-0x0000000070C48000-memory.dmp
    Filesize
    44KB

  • memory/1932-26-0x000000005FFF0000-0x0000000060000000-memory.dmp
    Filesize
    64KB

  • memory/1932-27-0x0000000070C3D000-0x0000000070C48000-memory.dmp
    Filesize
    44KB