Analysis
-
max time kernel
72s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
22-05-2024 01:25
General
-
Target
Melbourne _ Tuesday May 2024..rtf
-
Size
846B
-
MD5
2779cfcf0950f232da3a0c827f5392f9
-
SHA1
31c375ab1b04ebfdb36f8b96c2a00943badc234a
-
SHA256
f1adbe7898b11ccd4cde7f1c4639f637ce24a9a50c0aa1a7059d71f7c11e5780
-
SHA512
86e85ef9694544c8f5a92997ed4465ef5af9f46b114331cd3a49f12eb4ced5a8ce3109567d195222e2679ec1da178d1de7efdcf0f33cdd9329af524bd1f10a69
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
-
Office loads VBA resources, possible macro or embedded object present
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 31 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 34 IoCs
-
Suspicious use of SendNotifyMessage 32 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Melbourne _ Tuesday May 2024..rtf"1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122882⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5f79758,0x7fef5f79768,0x7fef5f797782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1228,i,4553181784676224856,1450547636994290853,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1228,i,4553181784676224856,1450547636994290853,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1632 --field-trial-handle=1228,i,4553181784676224856,1450547636994290853,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1228,i,4553181784676224856,1450547636994290853,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1228,i,4553181784676224856,1450547636994290853,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1152 --field-trial-handle=1228,i,4553181784676224856,1450547636994290853,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1316 --field-trial-handle=1228,i,4553181784676224856,1450547636994290853,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3320 --field-trial-handle=1228,i,4553181784676224856,1450547636994290853,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3564 --field-trial-handle=1228,i,4553181784676224856,1450547636994290853,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 --field-trial-handle=1228,i,4553181784676224856,1450547636994290853,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3476 --field-trial-handle=1228,i,4553181784676224856,1450547636994290853,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 --field-trial-handle=1228,i,4553181784676224856,1450547636994290853,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1364 --field-trial-handle=1228,i,4553181784676224856,1450547636994290853,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2324 --field-trial-handle=1228,i,4553181784676224856,1450547636994290853,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344B
MD5d0b1cbaa25cc7c161efa96c08f9a03ba
SHA1a95c32f176bc9e4db12a3236ef4385a66217d1e3
SHA25610f5220de4a1fbcb560f599f7777c4a673e521707f9e1efb8690b13c7474f85a
SHA512525e150dd104e660ff349b965ec88d97ee3098eb84aea556c1afd0e029d74fb47896ebab218aa12fd1c524984103d05cb74960c05d23375a75e01ef0bbe00f2c
-
Filesize
344B
MD5f259c00b03fe4ba9f3d62a2df55b6b19
SHA1ae05c4faa14847928c0887082663193565ab439e
SHA25667610993d716099319b3d678ea4fdeb12b6b2a62be6bb59f38e1bec54f67537d
SHA5121e06076a8a05049a1d6826af01acd521f6244b6e9efd60ae657c36ac3c7dc27e0e160cf745ccb4330db0b3275a4a0538811173ba13674cb881d25a4f690ad1e1
-
Filesize
344B
MD5a9719262223c817d699bce2ff3176a15
SHA1503a451cdd18128f0ec3486e4be492ecf21e1ed2
SHA256a11a582985dc26db5eb135153531e02635ff70af406e57e0dd3d04f03cb96107
SHA512768288684ee696db066be0b4c28c40c757debc0c90f131c8ab1c061f39b17218977f2bc48b97c4e71dd30818d1508ecc6e84b3131ecd5a1aa0407f83e1002c91
-
Filesize
192B
MD5cd7cf54b1f7f511479bf557e2e772506
SHA154a324984d970fb088f7b19d8e064aec9c3645ce
SHA25680202bd6e3da4d940d0e3feed4aaf689af53378dee6d7216e83c61677150d3dd
SHA512021535cd60d542def2b3b43f41d127f8932e699105d712cb9705ba7a1a47ca1dc389b53a77f291cc0603c0236f74b07c1738de998e6bf49deb88834b1848b577
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
363B
MD54bd29457512aba3ce5df847ac96af603
SHA1655d166d21c68b4c3fdaca9bd1ebc29e501bc629
SHA2565d8ae4bacf31870fb0f894c87e017cf9a1b553b26260c0abb28796b282e81d7c
SHA51268c53fc496f2fca424431eeaedea38d4228d5ea21085fa46d94ebb53a4b30884ac72629fa42877b8d094015487c426fbade119e4b5450004e0e2e4276f8152e3
-
Filesize
5KB
MD5e6f5bc50aac73579b4a03cc8dba88b2c
SHA1a3a5980f642c9235e1db908452b9fe295a555eec
SHA2561bf51ec3e8765cb769e9efeffd2f29688cd64b52bec400204055836f448a05d8
SHA51214ce5dd79342725606cade100adf4455637f0de9ad1dd928edcf5765b03d18058f7f81be1e9b16183fce10ca0fb71b33eec40afbbe07f0b81d91f3b63ccf7b6c
-
Filesize
5KB
MD53c14caef32b41f64a19e833522db6a8b
SHA129331d0af771002a1b4607f8f15c03bf6001ad7c
SHA25615bda2c88e0ec9aaffd9ecca0f0cf2aa11ea5e83be26c8f56fb458502713b6ef
SHA512649c1c0e1c3b1fba54f4e1cf8e5d3deef692bfff7c9adaa81932c2694f86a8e8af101e6118dc3f7583cbb8f505cfd2bb92ac0f09640b24eec8b6c4ec83f15b3c
-
Filesize
16B
MD518e723571b00fb1694a3bad6c78e4054
SHA1afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA2568af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA51243bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
-
Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize
177KB
MD5435a9ac180383f9fa094131b173a2f7b
SHA176944ea657a9db94f9a4bef38f88c46ed4166983
SHA25667dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA5121a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
Filesize
4KB
-
Filesize
44KB
-
Filesize
44KB
-
Filesize
64KB