Analysis

  • max time kernel
    23s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/08/2024, 21:15

General

  • Target

    773a761f49964da9e1f9432fd912864ce070cd96b3686024ce03571fb22647a5.docx

  • Size

    141KB

  • MD5

    584410ce253da7a7a165233ca100ca83

  • SHA1

    4be0e18e971f0c8443aba983826312f1a9103f0a

  • SHA256

    773a761f49964da9e1f9432fd912864ce070cd96b3686024ce03571fb22647a5

  • SHA512

    66555af131b8d9474bc3db81227b3ef4e74a7b3bc678b5715a54b52017d99f266729cbc2358425d09bcded014f6682633d30f2e1122a140faa54527c221348ae

  • SSDEEP

    3072:nHjiNnE9xcCSbQcFyjZ9p7p6+1Ghfu+uUsw8Okcf:HedEFSbQ4gZ939Ou+uUsw7ki

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\773a761f49964da9e1f9432fd912864ce070cd96b3686024ce03571fb22647a5.docx"
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:2360

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{0682582E-10AC-455B-8618-75F99E285C85}.FSD

    Filesize

    128KB

    MD5

    d6c66760ccee3620f58f311354558d72

    SHA1

    6ed42f8a925197b08cdcc58c8a85996631e00552

    SHA256

    343c03bdd874f0b20bcb1acf7957586259d8c0e89918fd8594d5a58ada89d8cc

    SHA512

    a6fd839d87752efacfb2daf80d62fe08887ac688e32102044ecf43ce74cda15a833476a86103d764b096e82fd75f8e96025034823ef94831f44bc32ace430b39

  • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD

    Filesize

    128KB

    MD5

    4f9535093a123c8ec9022737cd7c161d

    SHA1

    d879d2dc4fd690174318e91bc30493417121f87b

    SHA256

    79648d3049504b0c1fb1cd69b16fba86b28ab50dae69e7ef1ccc709fd95851b5

    SHA512

    b7729a376929a1ed072286d656964f655236a76b9e9f056bc3384d2e36a42e9c46906e97bac88ce9dac87edb17e8f993961754d51d0ea6c2a8e12a78409fefb8

  • C:\Users\Admin\AppData\Local\Temp\{A82E057F-6DD2-4F04-94EF-0AD13FCB471E}

    Filesize

    128KB

    MD5

    6a9ac84b0d92f5c4f828c34cd5578f9f

    SHA1

    5359fff5f66861439401eb6b21fcdb732f31cbb4

    SHA256

    15a9ada7f212972abbafea031a81cd690d8df168f775df6deeba1c1bd8f4093e

    SHA512

    00f6e5931f00e0df9123d347934412496ff7d332e16056762391c237db92f376749ff3f203d800d52347df907f3cecdec8faa92dd34ea42287ebd89ef190e73d

  • memory/2360-0-0x000000002F421000-0x000000002F422000-memory.dmp

    Filesize

    4KB

  • memory/2360-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

  • memory/2360-2-0x00000000712ED000-0x00000000712F8000-memory.dmp

    Filesize

    44KB

  • memory/2360-61-0x00000000712ED000-0x00000000712F8000-memory.dmp

    Filesize

    44KB