Overview

overview

6

Static

static

3

3c4ef62db5...18.exe

windows7-x64

1

3c4ef62db5...18.exe

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...se.rtf

windows7-x64

4

$PLUGINSDI...se.rtf

windows10-2004-x64

1

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$TEMP/minibar.exe

windows7-x64

3

$TEMP/minibar.exe

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

$PLUGINSDI...ip.dll

windows7-x64

3

$PLUGINSDI...ip.dll

windows10-2004-x64

3

$PROGRAMFI...gy.dll

windows7-x64

6

$PROGRAMFI...gy.dll

windows10-2004-x64

6

$PROGRAMFI...go.dll

windows7-x64

6

$PROGRAMFI...go.dll

windows10-2004-x64

6

$PROGRAMFI...on.dll

windows7-x64

1

$PROGRAMFI...on.dll

windows10-2004-x64

1

$PROGRAMFI...ton.js

windows7-x64

3

$PROGRAMFI...ton.js

windows10-2004-x64

3

$PROGRAMFI...ton.js

windows7-x64

3

$PROGRAMFI...ton.js

windows10-2004-x64

3

$PROGRAMFI.../ui.js

windows7-x64

3

$PROGRAMFI.../ui.js

windows10-2004-x64

3

$PROGRAMFI...ser.js

windows7-x64

3

$PROGRAMFI...ser.js

windows10-2004-x64

3

$PROGRAMFI...ole.js

windows7-x64

3

$PROGRAMFI...ole.js

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    12/07/2024, 06:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/license.rtf

  • Size

    193B

  • MD5

    beea38d906aecb227da5df5ab302290c

  • SHA1

    33f1c86ed87c49a39e0d4a2a8302d2b970947133

  • SHA256

    c45a69c256f70d5643d61870210cb0f21bd22cc07189d58e74c060e27f9bc6f4

  • SHA512

    f9f001ed3406718300b4312e975834d5a7408c0e8318a5bdfb9c0d8da7918481e0cdaac9832e6841de21e25f1ced38cc18e13f2f5f6dc64065df975fbf7bdb9e

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\license.rtf"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2824
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:3068

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
      Filesize

      19KB

      MD5

      f673a95e80d772aa7aae22300320d51d

      SHA1

      c1d4fc59a15949c0f05f1665c629049b1f17ea34

      SHA256

      54a1aad08eff9423f30cb1b2c14a0f4945dd49257cef35499675072a705a08f1

      SHA512

      c57d633decd0815e06660d44c2db738852c4e6115d0946e2e1af9bf1df8cad527cfe5c529a47952be178817ec890b5c1e800a71e6ca6474a70b6d072bc44fc4d

      Download Submit

    • memory/2824-0-0x000000002F931000-0x000000002F932000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2824-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2824-2-0x000000007122D000-0x0000000071238000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2824-9-0x000000007122D000-0x0000000071238000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2824-27-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download