Overview

overview

7

Static

static

1

50854970fd...c.docx

windows7-x64

7

50854970fd...c.docx

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    14-06-2024 01:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    50854970fd66243f52d703bb6901005be169ba588c2184c32bf915517e6e02ec.docx

  • Size

    16KB

  • MD5

    4080602520c9480551d0aaf44dd503c9

  • SHA1

    bf129825d1e27021d04c84716f263af3d2e391d3

  • SHA256

    50854970fd66243f52d703bb6901005be169ba588c2184c32bf915517e6e02ec

  • SHA512

    353246c7d24041dfc38ab034a1d5886144712c32c6ba30c3a8aeef862c77cc8d02bdce5018b01c906ac446b5c923cb5e71062a2941aaab52b6b15d07e79b1e40

  • SSDEEP

    384:HyXq9ndWvs8PL8wi4OEwH8TIbE91r2fRVJY2vieSBgTr+:Hcq7Y5P3DOqnYJj3vPSBgT6

Score
7/10

Malware Config

Signatures

  • Abuses OpenXML format to download file from external location
  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\50854970fd66243f52d703bb6901005be169ba588c2184c32bf915517e6e02ec.docx"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2020
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:536

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{67F3147D-18FA-494A-A17E-0C0C0B13B458}.FSD
      Filesize

      128KB

      MD5

      02325641f381630441d4f5a727d63dc9

      SHA1

      8a33a8d3a7cc4cdbda363e2d1ca83fdd37b1a015

      SHA256

      440d2a0f881c69b0441970fc465d53997233296a866bde4481f642db3d8c1053

      SHA512

      dc1a9fe151ab43e8fe694e9e105ff928d7799f8c12236f79c0b44be2257893dd5a27f9edb8773eed1f928b7f4e0dbe0deb9cefd4db3fd1420385ba92c8226eca

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
      Filesize

      128KB

      MD5

      4f11c087bc032b6436274df6e521f334

      SHA1

      dc826b8bd6c5eacaa6b7fb15938aa03354957bf1

      SHA256

      a3915f723ecf0367e95c6fe87248f0e7626a9f48d550f8cfccb0a7e2e6f37baa

      SHA512

      64b3e69e64976e033d2d3b7ae91690c811ce383bd2593941872eeed106a50a30c22654065bce56adb64f9d59000f758aa6d6f5e012d39b16dcb673971689cd36

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{8BD8E674-012B-4D20-8137-2F19746ADDDD}.FSD
      Filesize

      128KB

      MD5

      6159297f24c2f06dd758c0b8305c9b4a

      SHA1

      53a9df4967a702c8b7e756c33163ea95593a8811

      SHA256

      06e32e38a3edee54591159c3288311d35f9300ccb69cc67015e2d8a1806b3fd6

      SHA512

      bc55b0966ce8f9ca4a343179ad7ba5b2b38850e93034bcadde46007b77fc1f04d313653b9080a86345a0cd2a556ffd478899e39bd3e5b7c9bb21d6c11f7366ca

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{C2A81DD9-DEC6-4FCF-AE85-D622A8ED5EFB}
      Filesize

      128KB

      MD5

      edaca5c1ddf5e11e60b35fc213c22fcf

      SHA1

      60554895293bc052b462a20c476de35d96860b4a

      SHA256

      28b29ce785eb5f98af5e98a2762d67e3ec35bedc033fb3c0630b6e09d1311e81

      SHA512

      bd0481385b596ad02fcdbdce920feca4fc9104495b0358a158979b8ab8b2515452286a314e446ba2194860590203704a6478594271bb49357cc6dfd97a3b080e

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
      Filesize

      20KB

      MD5

      754c58e75a1ac07234f8dbcae4aebb16

      SHA1

      66da535957e35f4d1c69371f3ea160001a232240

      SHA256

      6993258a38450ea4c40be637f9cc7b50cdff4a36e016c2765ef8b16c237dd0bf

      SHA512

      eb0be1eb3b5493bc55865c0c0a44eaa9bc8818bb80f8cac2c9de2c217609f9cd75123dcbfe0573303a1b5d0d283e2aa9a78cf26df61a5c72a43ae7e32f235c38

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
      Filesize

      2B

      MD5

      f3b25701fe362ec84616a93a45ce9998

      SHA1

      d62636d8caec13f04e28442a0a6fa1afeb024bbb

      SHA256

      b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

      SHA512

      98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

      Download Submit

    • memory/2020-0-0x000000002FEF1000-0x000000002FEF2000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2020-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2020-2-0x0000000070D1D000-0x0000000070D28000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2020-62-0x0000000070D1D000-0x0000000070D28000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2020-97-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2020-98-0x0000000070D1D000-0x0000000070D28000-memory.dmp

      Filesize

      44KB

      Download