Overview

overview

7

Static

static

3

2ee36c351e...18.exe

windows7-x64

7

2ee36c351e...18.exe

windows10-2004-x64

7

$PLUGINSDI...LA.rtf

windows7-x64

4

$PLUGINSDI...LA.rtf

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ms.rtf

windows7-x64

4

$PLUGINSDI...ms.rtf

windows10-2004-x64

1

$PLUGINSDI...h1.exe

windows7-x64

7

$PLUGINSDI...h1.exe

windows10-2004-x64

7

$PLUGINSDI...Ex.dll

windows7-x64

3

$PLUGINSDI...Ex.dll

windows10-2004-x64

3

$PLUGINSDI...ad.dll

windows7-x64

3

$PLUGINSDI...ad.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...ef.dll

windows7-x64

3

$PLUGINSDI...ef.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$_34_/exte...st.dll

windows7-x64

1

$_34_/exte...st.dll

windows10-2004-x64

1

content/facemoods.js

windows7-x64

3

content/facemoods.js

windows10-2004-x64

3

content/mtstart.js

windows7-x64

3

content/mtstart.js

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    09-07-2024 03:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/facemoods_terms.rtf

  • Size

    80KB

  • MD5

    021f978d062bdf04b58327f3b67c8aeb

  • SHA1

    704ddc83f32a5ce6c95a1ce9af74f8f7b60c2a95

  • SHA256

    7faf940cf5a2abc900639ade3262db9a9b0f623047a67e6b165c73aa33b90d35

  • SHA512

    f69264f3aff95d0fde5a582fa75a8d8bd74eeac255e6e7beb7723ae5260a5e1fc05e25e446a786b0003b40f3e75610ccf82013e6a86c73dd3c9a32ce20d7b97b

  • SSDEEP

    768:l813p3VdAkF8bmrF5oa5Fscm0GEsGugGcQ/yK74fsWc24hAZqC3:l8TN8bqbGZytsWcwj3

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\facemoods_terms.rtf"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3056
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2824

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
      Filesize

      19KB

      MD5

      8f0f51b54b8d2de2d9dce82383f00310

      SHA1

      6b5dd4083bc0dd1d772cdfc43c10c65837de08e9

      SHA256

      6c686e9438bcd53f10a66f690605e8707e34e964861a2f216aae9b845367bff7

      SHA512

      70df0c59df524dab1938a421903e9a89ed618e19d825d55098dfa18dc473e12106a4e82174ca9f290d317a875ddb1c52b4f255a618103a08cd945c298c6b43fc

      Download Submit

    • memory/3056-0-0x000000002F591000-0x000000002F592000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3056-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3056-2-0x000000007357D000-0x0000000073588000-memory.dmp

      Filesize

      44KB

      Download

    • memory/3056-5-0x000000007357D000-0x0000000073588000-memory.dmp

      Filesize

      44KB

      Download

    • memory/3056-26-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download