Overview

overview

7

Static

static

3

2ee36c351e...18.exe

windows7-x64

7

2ee36c351e...18.exe

windows10-2004-x64

7

$PLUGINSDI...LA.rtf

windows7-x64

4

$PLUGINSDI...LA.rtf

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ms.rtf

windows7-x64

4

$PLUGINSDI...ms.rtf

windows10-2004-x64

1

$PLUGINSDI...h1.exe

windows7-x64

7

$PLUGINSDI...h1.exe

windows10-2004-x64

7

$PLUGINSDI...Ex.dll

windows7-x64

3

$PLUGINSDI...Ex.dll

windows10-2004-x64

3

$PLUGINSDI...ad.dll

windows7-x64

3

$PLUGINSDI...ad.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...ef.dll

windows7-x64

3

$PLUGINSDI...ef.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$_34_/exte...st.dll

windows7-x64

1

$_34_/exte...st.dll

windows10-2004-x64

1

content/facemoods.js

windows7-x64

3

content/facemoods.js

windows10-2004-x64

3

content/mtstart.js

windows7-x64

3

content/mtstart.js

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    09-07-2024 03:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/EZT_EULA.rtf

  • Size

    62KB

  • MD5

    3584a8d7f66ffad1b321d682bdd71c12

  • SHA1

    88e7aed78aa695f34200bab80d2686770f8a8d0d

  • SHA256

    482a0dc0ecd1099bc772e3021907635ad53164897dcd3c97d86eda4d00a7a719

  • SHA512

    48a68cc55c006d4eef7cc4c334ccf3caaa4af2aa966157ba3b08eaaabe4f3093ef05745d5e80e342a37a383be0112bbb28f9031977d9e495ea9e09591dd935b4

  • SSDEEP

    384:AGtwgDrN79ozVzEFHQezWf4RnDQg4so6iETJTPwa54vg3Rvjlyb3OEi6rGsNAYAG:AG7QezWwnDQgxPiKvjlc7hAZqCM

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\EZT_EULA.rtf"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1976
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2880

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
      Filesize

      19KB

      MD5

      e2d726324056be88af14fc69a6cce74f

      SHA1

      f34fd2c96fa98d9c67461e110e7277eac29daf03

      SHA256

      a5629acbde59b45a46a7d4b35a77a17efbb7b22545ef19324e4a435a677538f9

      SHA512

      43c3d936889a67747ea9a88db6dcbfd9d3eb6578689fa3bb13489d0d458a8960fbb969d7a0eca6dffe7b60e293d5e75139365af17ef6a32b43b45b72d0c7a3da

      Download Submit

    • memory/1976-0-0x000000002F341000-0x000000002F342000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1976-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1976-2-0x000000007185D000-0x0000000071868000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1976-9-0x000000007185D000-0x0000000071868000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1976-30-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download