Overview

overview

10

Static

static

1

435eaccabd...98.exe

windows7-x64

10

435eaccabd...98.exe

windows10-2004-x64

10

$TEMP/Cm.potm

windows7-x64

3

$TEMP/Cm.potm

windows10-2004-x64

8

$TEMP/Contents.potm

windows7-x64

3

$TEMP/Contents.potm

windows10-2004-x64

8

$TEMP/Cont...g.potm

windows7-x64

3

$TEMP/Cont...g.potm

windows10-2004-x64

8

$TEMP/Elementary.potm

windows7-x64

3

$TEMP/Elementary.potm

windows10-2004-x64

8

$TEMP/Templates.potm

windows7-x64

3

$TEMP/Templates.potm

windows10-2004-x64

8

Analysis

  • max time kernel
    98s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    08-02-2025 03:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $TEMP/Contributing.potm

  • Size

    57KB

  • MD5

    58324423292aba1fe85ce884cc359575

  • SHA1

    79727d862731765ef1edabb4a42f8c315d525968

  • SHA256

    10353a8e746724e0238c59ffe82f8148241a9fd4788f8929e7e8985671a211e9

  • SHA512

    ec93064e909ee1aad291c59f09b3c1abb5afefeb4a988df29247aff1551c9525708068e4fb0d72014c6e207efc4e0bb656521be47f46c4b9a61c14034935fa48

  • SSDEEP

    1536:/UYozsxmkL/FfuHGBt2sfEmAuNBWXp2Hi0Hfd5IQIB0:15LwitBAMri0j80

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE" "C:\Users\Admin\AppData\Local\Temp\$TEMP\Contributing.potm"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2304
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2860

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2304-0-0x000000002D2E1000-0x000000002D2E2000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2304-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2304-2-0x000000007241D000-0x0000000072428000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2304-4-0x000000007241D000-0x0000000072428000-memory.dmp

      Filesize

      44KB

      Download