Overview

overview

10

Static

static

1

6b4061021a...7f.doc

windows7-x64

4

6b4061021a...7f.doc

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-07-2024 21:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6b4061021a795bade0cf80a28d461136f9032d24937ebf360bc6d667ad43af7f.doc

  • Size

    16KB

  • MD5

    fcb892eebce485b4161ee08b6b405ddf

  • SHA1

    86e97121cc8c527b83508ff2f5c5f36621b94722

  • SHA256

    6b4061021a795bade0cf80a28d461136f9032d24937ebf360bc6d667ad43af7f

  • SHA512

    24ccf0c06374e194a162178ac8b1c35cfc3970f916fc5f69166c8835efd6d4240aee85adca9b1432d18ef80983a67efadefc42b8af2aa362908a1424979bf472

  • SSDEEP

    96:D6qOpM9SVDXAMaMwMlU9nNe2LnPUfo1S7UXu9ryG/15hKThSB58Ac:DabDAH7zeimoIpDh4UB58Z

Score
10/10

Malware Config

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 10 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\6b4061021a795bade0cf80a28d461136f9032d24937ebf360bc6d667ad43af7f.doc" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5112
    • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\FLTLDR.EXE
      "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\FLTLDR.EXE" C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT
      2⤵
      • Process spawned unexpected child process
      PID:1424

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\TCD33C.tmp\gb.xsl
    Filesize

    262KB

    MD5

    51d32ee5bc7ab811041f799652d26e04

    SHA1

    412193006aa3ef19e0a57e16acf86b830993024a

    SHA256

    6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97

    SHA512

    5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
    Filesize

    3KB

    MD5

    c0d69c90e8d56c229732e948bfda23e6

    SHA1

    7ffebab237d477219da628fc93f18b578a9b33f5

    SHA256

    9b34adcf7c0f19408c490de0f9652af26f3fc4d9006d451dcff271bf6f573b0f

    SHA512

    835d9952a8067117c098e9bacaba779587217794ebb741de19a749d7d94ca04bed188e7d3ad54fb5f1b13d97043d021560fdbe4402958cc5c771ee3c000005fd

    Download Submit

  • memory/1424-58-0x00007FF824710000-0x00007FF824720000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1424-63-0x00007FF864690000-0x00007FF864885000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1424-62-0x00007FF864690000-0x00007FF864885000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1424-60-0x00007FF824710000-0x00007FF824720000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1424-61-0x00007FF824710000-0x00007FF824720000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1424-59-0x00007FF864690000-0x00007FF864885000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1424-57-0x00007FF824710000-0x00007FF824720000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5112-15-0x00007FF822320000-0x00007FF822330000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5112-0-0x00007FF824710000-0x00007FF824720000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5112-17-0x00007FF864690000-0x00007FF864885000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5112-16-0x00007FF864690000-0x00007FF864885000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5112-18-0x00007FF822320000-0x00007FF822330000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5112-22-0x00007FF864690000-0x00007FF864885000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5112-23-0x00007FF864690000-0x00007FF864885000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5112-21-0x00007FF864690000-0x00007FF864885000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5112-20-0x00007FF864690000-0x00007FF864885000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5112-19-0x00007FF864690000-0x00007FF864885000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5112-11-0x00007FF864690000-0x00007FF864885000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5112-8-0x00007FF864690000-0x00007FF864885000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5112-7-0x00007FF864690000-0x00007FF864885000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5112-6-0x00007FF864690000-0x00007FF864885000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5112-5-0x00007FF824710000-0x00007FF824720000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5112-13-0x00007FF864690000-0x00007FF864885000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5112-14-0x00007FF864690000-0x00007FF864885000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5112-12-0x00007FF864690000-0x00007FF864885000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5112-10-0x00007FF864690000-0x00007FF864885000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5112-9-0x00007FF864690000-0x00007FF864885000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5112-4-0x00007FF824710000-0x00007FF824720000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5112-3-0x00007FF86472D000-0x00007FF86472E000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5112-1-0x00007FF824710000-0x00007FF824720000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5112-2-0x00007FF824710000-0x00007FF824720000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5112-187-0x00007FF864690000-0x00007FF864885000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5112-210-0x00007FF824710000-0x00007FF824720000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5112-209-0x00007FF824710000-0x00007FF824720000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5112-208-0x00007FF824710000-0x00007FF824720000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5112-207-0x00007FF824710000-0x00007FF824720000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5112-211-0x00007FF864690000-0x00007FF864885000-memory.dmp

    Filesize

    2.0MB

    Download