Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    15-06-2024 00:47

General

  • Target

    license.rtf

  • Size

    2KB

  • MD5

    19efeb5ea881bdf08bfe3c00eb775bc3

  • SHA1

    70e2a3fb85c36f6f5b9d6a085301dfa1de036d40

  • SHA256

    4dc5997b66265288af5527ed484b03156dba05dda829671e159b995639c63329

  • SHA512

    24063a8e5ba12787190d9ec511773cb28664d04780dae8c686df713ce15a64dbd9b31b835299867f70018f04509262665ee355e28ddc24c8ee4aec94af287595

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\license.rtf"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2340
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2732

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
      Filesize

      20KB

      MD5

      893ffcba70aebc2f4e6746f7d5f607e7

      SHA1

      3526b79a559b57932246800f4de174596999e169

      SHA256

      28e96926c6c8028607286faf640bea289ff77c47eef9b06e6ac53a72e2b9b65f

      SHA512

      d99ad7673e6cdb1e6d7c9a4338dbbc026d2318f5a323aa6f48cee81be25de2e8fc26151e646b8db599169333de9cc3a40ae8aaa026d49237d95d8c7327cd5150

    • memory/2340-0-0x000000002FF01000-0x000000002FF02000-memory.dmp
      Filesize

      4KB

    • memory/2340-1-0x000000005FFF0000-0x0000000060000000-memory.dmp
      Filesize

      64KB

    • memory/2340-2-0x0000000070CDD000-0x0000000070CE8000-memory.dmp
      Filesize

      44KB

    • memory/2340-11-0x0000000070CDD000-0x0000000070CE8000-memory.dmp
      Filesize

      44KB

    • memory/2340-29-0x000000005FFF0000-0x0000000060000000-memory.dmp
      Filesize

      64KB