Analysis
-
max time kernel
23s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
26-07-2024 21:33
General
-
Target
ba7a050a6b8fc7000dcbef380fdae0692cd36e6f0680aeda2919f4f1d57b4f3d.doc
-
Size
33KB
-
MD5
00ac34edd44471254a1c06d4c2ad6ccd
-
SHA1
440f0f2c98f608ae2c9cbe3ba2c772aefddb8f23
-
SHA256
ba7a050a6b8fc7000dcbef380fdae0692cd36e6f0680aeda2919f4f1d57b4f3d
-
SHA512
7b7da4cf6e24526225ccd4faa96109453c18ed717604d9c694a11e5b70a62623376829dad6d183e0ae9bf4e21c1708b574993ae19c55d3c05403a05864991a4f
-
SSDEEP
192:tfWpEsq6/6ruRD7/9uSAq9LVk28Ut9YLeojM/MaXKB4Q6TqqG0jZy2y+a:tPiSux1uSVeRUt2M/RXKB4QcqqG0jPy
Score
4/10
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\ba7a050a6b8fc7000dcbef380fdae0692cd36e6f0680aeda2919f4f1d57b4f3d.doc"1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122882⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
44KB
-
Filesize
44KB