Overview

overview

7

Static

static

1

d8ed85071f...f.docx

windows7-x64

7

d8ed85071f...f.docx

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10/04/2024, 14:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d8ed85071f9b7a2bb66ad3e65e539e1804f7751843128480fa21503ce97385cf.docx

  • Size

    297KB

  • MD5

    e726520b3ad875b516df6c3d25476444

  • SHA1

    e09a0c5efe7bd37a83c2267c79b2334daeb861a8

  • SHA256

    d8ed85071f9b7a2bb66ad3e65e539e1804f7751843128480fa21503ce97385cf

  • SHA512

    dda977b4d5286a17d32a0c9f23f769b6e65f32472fc3c1aeeb3cf872dae7439cee328c0140211a268dd2637f1443d21c477db45ddb46d152b9fda8c5a88354ff

  • SSDEEP

    6144:N1SSl2aF5tj9fmGWxeISoKvwKLz6jHCkQzLX/SQRRd0fmu7:N1S3a3e7xY7vTfgHCkQHu7

Score
7/10

Malware Config

Signatures

  • Abuses OpenXML format to download file from external location
  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\d8ed85071f9b7a2bb66ad3e65e539e1804f7751843128480fa21503ce97385cf.docx"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2756
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2708

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{0DA45125-6650-44B0-9690-23226EF8CFE9}.FSD
            Filesize

            128KB

            MD5

            d34d5319cfab0b22963ccf08d1c53662

            SHA1

            343840e8e08784eb61992de7a7c17388eb0ccfe6

            SHA256

            b72391d0455346d61a3588afa994002129b139e7eb6c955c6df9fa5faf95c65d

            SHA512

            53243972de30a89eb64f05ce1188e9a6f4bdf73ccdb7c33613835c6dc44bd7cf283228f6a0f002e477fccc5af4358f7ab71a13807947d4ee90b63a0c111ada47

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
            Filesize

            128KB

            MD5

            3f8cb7fa76c2d3cc44b3d449cb09e8ac

            SHA1

            f419cf74a104ba44d8ec4495928afe7a686f7604

            SHA256

            282a3fc787764eeb24375fe25ca22f955f4c0f26d222e36802ca57e511a810fd

            SHA512

            3fcec0c757a51dab98b16e21d13c7bb10ba5be88784a79d21b37df103399a2add4816075dac77badb532b40d49644203a507802846c3fab371cef8d55eaebc24

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{331475D4-9A02-4B41-ABDC-A44A34A1B3B6}.FSD
            Filesize

            128KB

            MD5

            10dbcce30af0daf8e17acc99e3c655b2

            SHA1

            c604294bea565b796b479d6e34da4f3e8eb9ce09

            SHA256

            275f8f10bf0fec6295683d7c672fa92f7cb7ed31aa7eb36030ec7970fa84bba1

            SHA512

            bbaa65b94a1d298c4390dbc44f9aeee3104e9dd1d41297f0724cc6a9ad47c6389c5d213f0dca9368321160da94798115deb442db1e13f3149bb055ae92bfb85f

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\{542F612C-7B40-4115-9BFB-DD2A790BD492}
            Filesize

            128KB

            MD5

            b03f9e9719648196b91a687df92b1318

            SHA1

            d227b6c3e68cbec751472bdf610d01b5d6b869e9

            SHA256

            aba48796ea18d6405ddd5109091b8d105cf9f2c040815afc24703e779f7eaf9b

            SHA512

            5d561f02139cb2df1fbac0a721de2feba563fc1325b311499474acee3e837251674f696d8271e3ae96d2f89ea6a18a5126d79f232cd5c685296a20cb40c03fcd

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
            Filesize

            20KB

            MD5

            2937cf6d6c253cc0c18667ea15cdeb05

            SHA1

            031913438f78f7acb94d934206787ceb3c00b151

            SHA256

            fcab2bfa4eedec450b1dd60e473f2be96eefc87fbef4a5ea66aece26fd9c6d8a

            SHA512

            45da4b4af32e3b27eccd86480129ad804cbd9cd33e5b9059929461c6d9ed37a3658a9b4d353b4244c1f6f342337ab690a188013bfe723d91214e451b183290b7

            Download Submit

          • memory/2756-0-0x000000002FBF1000-0x000000002FBF2000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2756-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2756-2-0x000000007179D000-0x00000000717A8000-memory.dmp

            Filesize

            44KB

            Download

          • memory/2756-68-0x000000007179D000-0x00000000717A8000-memory.dmp

            Filesize

            44KB

            Download

          • memory/2756-89-0x000000005FFF0000-0x0000000060000000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2756-90-0x000000007179D000-0x00000000717A8000-memory.dmp

            Filesize

            44KB

            Download