60f1b5b85c591260fc86e4e8b65e2ade1c2e3d7b267e87f637e995d17d86ec40

Analysis

max time kernel
136s
max time network
134s
platform
windows7_x64
resource
win7-20240708-es
resource tags

arch:x64arch:x86image:win7-20240708-eslocale:es-esos:windows7-x64systemwindows
submitted
17/08/2024, 03:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Melissa.doc
Size

164KB
MD5

89a0a6a9bc7f0449b10a503f113986af
SHA1

0366b76830e9c0cd18a588cfae74908e86fa019e
SHA256

60f1b5b85c591260fc86e4e8b65e2ade1c2e3d7b267e87f637e995d17d86ec40
SHA512

a90c0f1cdeda55d3a9f37aa7a21b6fdd74b78982523e3908622d79c742ef3f116e90e44f04b6ef1dd7cef3f6e814ac453e75efb2ee376cd74093d946a7b3ae48
SSDEEP

3072:pJxwh+Srhnl1fT2kLfl6/X6OOKeWR+JCT/xzNGXPU0r1gee2IGCkzHFIlFmO2A9L:26oYH3uokeOvHS1d1+sNs8wbiWQw9YvZ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2704	WINWORD.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2704	WINWORD.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2704	WINWORD.EXE
2704	WINWORD.EXE

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Melissa.doc"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2696

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{8FC237D0-0502-415D-A413-C7B2A5F09AD6}.FSD

Filesize
128KB

MD5
8c7007b78b6ae35a6b2bbf1362ff17ee

SHA1
a46ae0aab16ee7094e1dc83115589f05df9e9d55

SHA256
85dc87bd343f20a4bdb03d1ceeb603e2476adcb7d39a621dac17e6e4308861b5

SHA512
ae47a69e1b511f4d54b165f0c1dbffe5cd48cea24a6de54350e13c23a0e76a2e94e4dd81aba27e9929be40ce96085ebd3a913852d7bf0c076d8c055e867710ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD

Filesize
128KB

MD5
28701aa487f33c60fb5b4b65a76e1618

SHA1
6c4a76ab66ce5009dbae4242249cd1e925e7f967

SHA256
048616f863e3002008867dc38106482343bfe771b96a82199621afa75ee7f636

SHA512
790bd66e6168280e065712401f09e714e87d5b787d22d72eb4e8b1b547f1fd80950c70ac4a14ac88edf8147e38e57f513fd72a033c98016273f024434a64dbd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{FA769B1E-ACE7-46F0-AD9B-EFD1EF8864FF}.FSD

Filesize
128KB

MD5
5dcecf10f2be7c7182a0aa576321431c

SHA1
90e8cc35156f142197ae6dfbd4eb07577226eee5

SHA256
057434311ebb4580da13f222671fb1876291201c72cdaab0a23b04da178af2dd

SHA512
7ad508789bf66655dda35d227b28a6f9aea447a0628d0fb23ceb2c35fdac846430a302d342ed87c1830344efdeebb8ee2d27dfd67cc13344e855e30d5dc75f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E7D4B0F7.wmf

Filesize
642B

MD5
4f03b86e4d6631c26ff5fffc7332be1d

SHA1
14952a78ea51df67d5b5b6c6b4de3d96ba7935bd

SHA256
83f4ea26254d69825486bffd1d400217aac7245c5c48fe5acc3ccdea173c4851

SHA512
4bed29b66444d826e89589b55dd786758ff68fcd2daf8296703d4443edb991fffce563e20db22bfb34fdb488638bbb43252392b6c105d12e721329adc2774632

Download Submit
C:\Users\Admin\AppData\Local\Temp\{AFC425BA-4A2F-4034-A2DA-9BA79B8AC420}

Filesize
128KB

MD5
8c5b7be3bd0bf3aac9499435f1dd058a

SHA1
1752db4b6aaba65ba634dac132be7fbcc48505fe

SHA256
668de54b2e19aefdf3d1bf7d3108f94895f669dc4821f2821436b7c38fde14cb

SHA512
3c42c43a8e34c33da8c7720ab9d3d24534113fd1e20bc108a8986bbce126df0f0336b2ac2828bd4233295855b798646f04e28c4c740c71a2df27878d6df7f937

Download Submit
memory/2704-0-0x000000002F4B1000-0x000000002F4B2000-memory.dmp

Filesize
4KB

Download
memory/2704-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2704-2-0x000000007345D000-0x0000000073468000-memory.dmp

Filesize
44KB

Download
memory/2704-4-0x000000007345D000-0x0000000073468000-memory.dmp

Filesize
44KB

Download