Analysis

  • max time kernel
    1556s
  • max time network
    1561s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-06-2024 06:51

General

  • Target

    resources/app.asar.unpacked/node_modules/cpu-features/deps/cpu_features/cmake/ci/doc/docker.dot

  • Size

    2KB

  • MD5

    d08fb2358d40bf05064a753171090227

  • SHA1

    16cfac24e2dfc61f282799e6cc5d2e53eec2320f

  • SHA256

    0426787a95f70006ffef1c1b881c6e857d7adf84abd7b3c2e26368eb7509f58c

  • SHA512

    851eae4f8f704a804876456252ae1bc7cffa45981a0343ab925d4e9f89ccb58225f8c09ff9b2f10eb3e032eec460ee950348d53a810e0ab106b82339579ec397

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\cpu-features\deps\cpu_features\cmake\ci\doc\docker.dot"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3004
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2564
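Analyst note, added here and not part of the sandbox output or of the cpu_features project: the target path (resources/app.asar.unpacked/node_modules/cpu-features/deps/cpu_features/cmake/ci/doc/docker.dot) and its 2KB size point to a Graphviz DOT graph shipped inside an Electron application's node_modules; that is an inference from the path, not something the report states. Because .dot is also the Word 97-2003 template extension, the sandbox handed the file to WINWORD.EXE, and every signature listed above is attributed to that Word process and its child splwow64.exe, the 32-bit print driver host that 32-bit Office launches on x64 Windows when it enumerates printers. The only file written is Normal.dotm, Word's global template, which Word rewrites on its own. The script below recomputes the four digests the report shows, compares them with the values on this page, and sniffs the container by magic bytes so that a ".dot" submission can be told apart as a legacy OLE template, an OOXML template, or plain-text Graphviz before any of Word's behaviour is read as the file's. The sample graph embedded in it is constructed and is not the contents of the analysed docker.dot; the `triage`, `classify` and `digests` helpers are this example's own names.

```python
"""Triage helper for a sandbox submission: verify the reported digests and
sniff what a ".dot" file actually is before trusting behaviour that Word
produced by opening it.  Added example, not sandbox or project code."""
import hashlib
import os
import re
import sys

# Digests the report above lists for docker.dot (copied from the page).
REPORT_HASHES = {
    "md5": "d08fb2358d40bf05064a753171090227",
    "sha1": "16cfac24e2dfc61f282799e6cc5d2e53eec2320f",
    "sha256": "0426787a95f70006ffef1c1b881c6e857d7adf84abd7b3c2e26368eb7509f58c",
    "sha512": "851eae4f8f704a804876456252ae1bc7cffa45981a0343ab925d4e9f89ccb58225f8c09ff9b2f10eb3e032eec460ee950348d53a810e0ab106b82339579ec397",
}

# Magic bytes of the two binary containers a Word template can use.
OLE_CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # Word 97-2003 .doc/.dot
ZIP_MAGIC = b"PK\x03\x04"                             # OOXML .docx/.dotx/.dotm

# Graphviz header: optional "strict", then graph|digraph, optional name, then "{".
DOT_HEADER_RE = re.compile(rb"^\s*(strict\s+)?(di)?graph\b[^{]*\{", re.IGNORECASE)

# Constructed sample input; NOT the contents of the analysed docker.dot.
SAMPLE_DOT = b"""// constructed sample graph
digraph docker {
  rankdir=LR;
  base -> build -> test;
}
"""


def strip_comments(data: bytes) -> bytes:
    """Drop the // and /* */ comments Graphviz allows ahead of the header."""
    data = re.sub(rb"/\*.*?\*/", b"", data, flags=re.DOTALL)
    return re.sub(rb"//[^\n]*", b"", data)


def classify(data: bytes) -> str:
    """Magic-based container sniff: a header match, not a full parse."""
    if data.startswith(OLE_CFB_MAGIC):
        return "ole-cfb"
    if data.startswith(ZIP_MAGIC):
        return "ooxml-zip"
    if DOT_HEADER_RE.match(strip_comments(data)):
        return "graphviz-dot"
    return "unknown"


def digests(data: bytes) -> dict:
    """The four digests the report shows, keyed by lowercase algorithm name."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def triage(data: bytes, extension: str, expected: dict = None) -> dict:
    """Combine the digest check and the format sniff into one verdict record."""
    kind = classify(data)
    found = digests(data)
    hash_match = None  # None means no reference digests were supplied
    if expected:
        hash_match = all(found.get(alg) == val.lower() for alg, val in expected.items())
    # A Graphviz graph carrying the Word 97-2003 template extension is the
    # collision that makes a sandbox hand the file to WINWORD.EXE.
    collision = kind == "graphviz-dot" and extension.lower() == ".dot"
    return {
        "kind": kind,
        "hashes": found,
        "hash_match": hash_match,
        "extension_collision": collision,
        "note": ("plain-text Graphviz graph; Word opens it as a template, so the "
                 "observed behaviour is Word start-up, not the file's payload"
                 if collision else "no extension/content collision detected"),
    }


if __name__ == "__main__":
    # Usage: python triage_dot.py <file>; with no argument the constructed sample is used.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else SAMPLE_DOT
    ext = os.path.splitext(path)[1] if path else ".dot"
    for key, value in triage(blob, ext, REPORT_HASHES).items():
        print(f"{key}: {value}")
```

Run against the real docker.dot, `hash_match` should come back True and `kind` should be `graphviz-dot`; the constructed sample necessarily fails the digest comparison. The sniff only looks at the leading bytes, so a Graphviz file that starts with a UTF-8 BOM, or an OLE file with a damaged header, lands in `unknown` rather than being guessed. On FIPS-configured Python builds `hashlib.new("md5")` may be unavailable, in which case drop md5 from the list and compare the remaining three.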

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm

    Filesize

    20KB

    MD5

    96d5d694689fce709d63a31ceef7d949

    SHA1

    0811bcccdda802e47b326326a98aec2589d7f49a

    SHA256

    b244e8b2f9bfd5f2c60d1ee975ebfc914d720c7f14908c3b9a0f6ff13f66c029

    SHA512

    d549e85ca4abbb823b393578e4d9cab7f6969bababdcc2fd0b6cb13d5a0313e32b1131ae866c9e8ad880f0f24974c7edfbdd82b03aef0aef658acd653979e542

  • memory/3004-0-0x000000002FEA1000-0x000000002FEA2000-memory.dmp

    Filesize

    4KB

  • memory/3004-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

  • memory/3004-2-0x0000000070D6D000-0x0000000070D78000-memory.dmp

    Filesize

    44KB

  • memory/3004-11-0x0000000070D6D000-0x0000000070D78000-memory.dmp

    Filesize

    44KB

  • memory/3004-26-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

  • memory/3004-27-0x0000000070D6D000-0x0000000070D78000-memory.dmp

    Filesize

    44KB