Analysis
-
max time kernel
119s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
08/09/2024, 11:18
General
-
Target
$PLUGINSDIR/license_cb.rtf
-
Size
35KB
-
MD5
16a09bff84c5cca2dabf0497d23a5f8d
-
SHA1
89681b2dd1299ed7dc881219a9de2c2119c86cb4
-
SHA256
3e6cc3a654a122b52f3905cdd3d07df3ca9c540d2f68bd64c91c783f576bed0a
-
SHA512
827a12d1edd6209e016d5c951b70a4dd754356503456e35a3d9196c495a67fc464900766adae8b342466b44130423501fd79f731f1534394ef83cd57fa46a009
-
SSDEEP
768:MIpQpky+9ZKx76b/Ve4pfMRkPJM/KwIf0YPJMizkQs2WtD08Z:qi+2WtL
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Office loads VBA resources, possible macro or embedded object present
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\license_cb.rtf"1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122882⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
19KB
MD5e4fff0ed53e91bbd9df7ee7598508a29
SHA1729c0560e9f22ad30b2aa74adad8a7f9d0ce7e46
SHA256b3699aa0f50e467c924c2e5c3b2561222b9d06441eeb135eb9290a9f5542cd39
SHA5129abfe6d9e531df7ba80a7ab50161eebeb0793b670ec332f417e513b5536abcdc3d92c5477b95096ca5ca27b74d6f62a2391c7829134483af41debf7592a678c0
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
44KB
-
Filesize
44KB
-
Filesize
44KB
-
Filesize
64KB