Overview

overview

4

Static

static

1

b1a2eb532c...5e.doc

windows7-x64

4

b1a2eb532c...5e.doc

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10/04/2024, 13:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b1a2eb532c461ff2faa4ec9edf44d2ef5678ee1a84a8779866ad64fa8b52065e.doc

  • Size

    80KB

  • MD5

    c7a1dd829b03b47c6038afa870b2f965

  • SHA1

    01936b7c17d0283d7d8101436e1a5ddfc42bbf4c

  • SHA256

    b1a2eb532c461ff2faa4ec9edf44d2ef5678ee1a84a8779866ad64fa8b52065e

  • SHA512

    cddea258ab54315d5935698edfb91a65c826cadcb5cab8deb680a7d8e29c966d6c5fb741f232ec0acb01c91ef8444a50399fbcec242401810d64d6e196119ff5

  • SSDEEP

    768:1x3CYsWA83WHWyQYv8tkBOSNB3y7ikBOSwOTmEkBOS9H:r3C9WA83WH0o2kry7ikwHEk9

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\b1a2eb532c461ff2faa4ec9edf44d2ef5678ee1a84a8779866ad64fa8b52065e.doc"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2108
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2152

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{BE990172-1169-4865-B2E0-5F1650F057EF}.FSD
      Filesize

      128KB

      MD5

      f57a77de5ed6289ef49cf13fd44b9428

      SHA1

      a9ab0b580164f2a483e40231b1d3a1b3a5a2ce8a

      SHA256

      85bcd682a7db26f9f48f160d69b6eb106dec50756ba80f7798fcd49368581777

      SHA512

      beaeb18e923a1e0b777e209d3bf6014ee9559cae66e215c753e9d5d42052d4223d2f8e4dd36adc52f9a411de5312f22681decb109bbb724fcff7f127e4579ff5

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
      Filesize

      128KB

      MD5

      32d66e4b3ea49192db6015e8204b0de9

      SHA1

      526fcfe0f1aed27110db6c70b86620241503e9ba

      SHA256

      80c272065d0f93fb717871d66b55fdec8e7215477d0f01c3bc12f655578f4259

      SHA512

      f9760b060fbcf073a338a9b0d9b4fb1e182412ac6deebe377b50ba931db3d597e070c691d2d473b787770f915aa0d1991206d0b89607909006ae4cd3b7a42ed0

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{C8D20D13-3243-4FCA-8979-07CE33618957}.FSD
      Filesize

      128KB

      MD5

      cd6369e96b18217ef718a6e7b2cb1eab

      SHA1

      eec613d0f876254241bd2620ab378e6f464ea31e

      SHA256

      9907986b9855376032205c39b6b71ee12b259a5ffa5783ccf5a68eda3b56abad

      SHA512

      547592ef42ca46c8788cf404a35309820969d316e0240f67561ff52b61c844083972f32f263696dbe59466fd6c3c13b335b628dc547af055502926ad54664cda

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{0E8BD125-21EE-41A2-AA19-B95914F7F1C8}
      Filesize

      128KB

      MD5

      f07ca01863e3f7958dd05d80a5ff2d9e

      SHA1

      30d84ab12f8d8df3628a1fb67cc0b64c09891260

      SHA256

      c202787f8212c05437b3908540b0328f1095555e0892464404d0d7ea6a666878

      SHA512

      bb2f7573f8084f1b53aae0a5d294a87a6e7a55339bfbd8263979d22e35b75fed0c576336727fb437689955575d22db9cbaecd63b453ff4d0928b571acd5152ad

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
      Filesize

      20KB

      MD5

      1db9f21031a38a62c74e19511059078e

      SHA1

      116c254fb20c8346f6c072d0e02f1ab109ddecd1

      SHA256

      c8662b8169318a0f31ea7cfa0ee25b0251a700e609451341024dc309c62ee950

      SHA512

      f4c7664524c8cd9538390c38736a72cd060f945cd8cbb1fd9727fb85e611983e5904ce3976d26c1b4880b2769eca95d0ebde1f11cf0aa0be9286f0aacddb4030

      Download Submit

    • memory/2108-0-0x000000002FC01000-0x000000002FC02000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2108-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-2-0x00000000714AD000-0x00000000714B8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2108-68-0x00000000714AD000-0x00000000714B8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2108-85-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-86-0x00000000714AD000-0x00000000714B8000-memory.dmp

      Filesize

      44KB

      Download