Overview

overview

7

Static

static

3

142aad2e00...18.exe

windows7-x64

7

142aad2e00...18.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...DE.rtf

windows7-x64

4

$PLUGINSDI...DE.rtf

windows10-2004-x64

1

$PLUGINSDI...EN.rtf

windows7-x64

4

$PLUGINSDI...EN.rtf

windows10-2004-x64

1

$PLUGINSDI...ES.rtf

windows7-x64

4

$PLUGINSDI...ES.rtf

windows10-2004-x64

1

$PLUGINSDI...FR.rtf

windows7-x64

4

$PLUGINSDI...FR.rtf

windows10-2004-x64

1

$PLUGINSDI...IT.rtf

windows7-x64

4

$PLUGINSDI...IT.rtf

windows10-2004-x64

1

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    133s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/10/2024, 16:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/FavoritES.rtf

  • Size

    21KB

  • MD5

    6893b39b76c99bfcff44ead37306444a

  • SHA1

    0cd3ec30bcc8fdfffbda532114f21774539e09cf

  • SHA256

    df936126688718ae1ea8b9234047b0d989a6ca252cbf65677444aaf80281b43e

  • SHA512

    63f301936e21040de7d606589cbe04b7e71fa89356df27637f3d7abf490125c441ee0812e89d90db7197689d8e3ca54d74cb8f92d93910bb25dd7177fa7ba0c2

  • SSDEEP

    384:MAC0msM/T9u4TgLzabbO7MzrGyvtma8e1xp/j2:kT9unzCO7Mzr7tm7e1xpK

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\FavoritES.rtf" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:3952

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\TCDBA68.tmp\sist02.xsl
    Filesize

    245KB

    MD5

    f883b260a8d67082ea895c14bf56dd56

    SHA1

    7954565c1f243d46ad3b1e2f1baf3281451fc14b

    SHA256

    ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

    SHA512

    d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
    Filesize

    1KB

    MD5

    6b93cc690fd128438fd630ba7624f621

    SHA1

    e58cf3f50be85ca1c75daf5d161b2807fce9ace2

    SHA256

    9963b1c7d07cd534090a14e3f3bc6fc25d4a2005af62d46406018f929f8fe445

    SHA512

    501082e60d1ae6c0193d31a4ef7ade8966293c5f486cfc136cb5e063291cfc3d62546e6ef5f2f181820de666b45fc18e9ababe8047a2f26d2b7ec025ffd7f64b

    Download Submit

  • memory/3952-19-0x00007FFD0E150000-0x00007FFD0E345000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3952-35-0x00007FFD0E150000-0x00007FFD0E345000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3952-10-0x00007FFD0E150000-0x00007FFD0E345000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3952-9-0x00007FFD0E150000-0x00007FFD0E345000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3952-8-0x00007FFCCE1D0000-0x00007FFCCE1E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3952-12-0x00007FFD0E150000-0x00007FFD0E345000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3952-11-0x00007FFD0E150000-0x00007FFD0E345000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3952-15-0x00007FFD0E150000-0x00007FFD0E345000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3952-14-0x00007FFD0E150000-0x00007FFD0E345000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3952-13-0x00007FFCCC170000-0x00007FFCCC180000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3952-17-0x00007FFD0E150000-0x00007FFD0E345000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3952-16-0x00007FFD0E150000-0x00007FFD0E345000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3952-7-0x00007FFD0E150000-0x00007FFD0E345000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3952-1-0x00007FFD0E1ED000-0x00007FFD0E1EE000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3952-3-0x00007FFCCE1D0000-0x00007FFCCE1E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3952-20-0x00007FFCCC170000-0x00007FFCCC180000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3952-6-0x00007FFD0E150000-0x00007FFD0E345000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3952-5-0x00007FFCCE1D0000-0x00007FFCCE1E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3952-21-0x00007FFD0E150000-0x00007FFD0E345000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3952-2-0x00007FFCCE1D0000-0x00007FFCCE1E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3952-33-0x00007FFD0E150000-0x00007FFD0E345000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3952-34-0x00007FFD0E1ED000-0x00007FFD0E1EE000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3952-18-0x00007FFD0E150000-0x00007FFD0E345000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3952-36-0x00007FFD0E150000-0x00007FFD0E345000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3952-4-0x00007FFD0E150000-0x00007FFD0E345000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3952-0-0x00007FFCCE1D0000-0x00007FFCCE1E0000-memory.dmp

    Filesize

    64KB

    Download