Analysis
-
max time kernel
144s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system -
submitted
11-07-2024 03:12
Static task
static1
Behavioral task
behavioral1
Sample
!~!SetUp_2025_Pa$$W0rd$s!!%!~/Setup.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
!~!SetUp_2025_Pa$$W0rd$s!!%!~/Setup.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
!~!SetUp_2025_Pa$$W0rd$s!!%!~/d3dx9_43.dll
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
!~!SetUp_2025_Pa$$W0rd$s!!%!~/d3dx9_43.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
!~!SetUp_2025_Pa$$W0rd$s!!%!~/heartthrob.doc
Resource
win7-20240708-en
Behavioral task
behavioral6
Sample
!~!SetUp_2025_Pa$$W0rd$s!!%!~/heartthrob.doc
Resource
win10v2004-20240709-en
General
-
Target
!~!SetUp_2025_Pa$$W0rd$s!!%!~/heartthrob.doc
-
Size
77KB
-
MD5
42e6685956ce07bdfe900b44dfda8555
-
SHA1
29d8ca5bae80f4d1ced66683d2ebd64a90b5eff7
-
SHA256
7f4dc10f712c2d0d4ae5f24e3defb4fcbeb1b38a7dd357a7473f954abe8faf0d
-
SHA512
4d293d2f298d108afdd854bf43bd1c0bb18a29082c94c7559e667bb0bb155584437cb4d4212a9ca0f19ccab766f5de42ded0d381ec071f193f9db1c1672c2a67
-
SSDEEP
1536:02WkXRPQqe0N7OoGvvHDkh9e0rafDfy7RsY3U:3Dh3xsPDUe04LSs+U
Malware Config
Signatures
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
pid 2328, process WINWORD.EXE -
Suspicious use of SetWindowsHookEx 20 IoCs
Processes:
pid 2328, process WINWORD.EXE
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\!~!SetUp_2025_Pa$$W0rd$s!!%!~\heartthrob.doc"
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2328