Analysis
- max time kernel: 56s
- max time network: 19s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 25-05-2024 03:52
Behavioral task: behavioral1
- Sample: 8db0e084f1e6b6d6f9036c15fbcbf9e4a646cbb9503351c7c00df22696ebbd2a.doc
- Resource: win7-20240221-en
- 5 signatures
- 60 seconds
Behavioral task: behavioral2
- Sample: 8db0e084f1e6b6d6f9036c15fbcbf9e4a646cbb9503351c7c00df22696ebbd2a.doc
- Resource: win10v2004-20240426-en
- 5 signatures
- 60 seconds
General
- Target: 8db0e084f1e6b6d6f9036c15fbcbf9e4a646cbb9503351c7c00df22696ebbd2a.doc
- Size: 32KB
- MD5: 2d56b2cef141b4d7fdcec23b17ddb233
- SHA1: d06132733c5a9205eb1d315422566c5253195264
- SHA256: 8db0e084f1e6b6d6f9036c15fbcbf9e4a646cbb9503351c7c00df22696ebbd2a
- SHA512: c4f679f6570c6512d4adbe6c67af577ccba13adb7165bfeb898ff40af12735e287acffbaef5e47e4935c15424cb7b74580930c777bd5ca390b38f950b57d1e6a
- SSDEEP: 384:cllDziSJPw+QD12g+I86GCdv50jUstY6:YlM+kXbv
- Score: 1/10
Malware Config
Signatures
Office loads VBA resources, possible macro or embedded object present
Processes:
WINWORD.EXE
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel | WINWORD.EXE
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | WINWORD.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55" | WINWORD.EXE
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote | WINWORD.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" | WINWORD.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" | WINWORD.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" | WINWORD.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" | WINWORD.EXE
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\MenuExt | WINWORD.EXE
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
WINWORD.EXE
pid | process
1448 | WINWORD.EXE
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
WINWORD.EXE
pid | process
1448 | WINWORD.EXE
1448 | WINWORD.EXE
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
WINWORD.EXE
description | pid | process | target process
PID 1448 wrote to memory of 2900 | 1448 | WINWORD.EXE | splwow64.exe
PID 1448 wrote to memory of 2900 | 1448 | WINWORD.EXE | splwow64.exe
PID 1448 wrote to memory of 2900 | 1448 | WINWORD.EXE | splwow64.exe
PID 1448 wrote to memory of 2900 | 1448 | WINWORD.EXE | splwow64.exe
Processes
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\8db0e084f1e6b6d6f9036c15fbcbf9e4a646cbb9503351c7c00df22696ebbd2a.doc"
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1448
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
PID:2900