Managed XDR

word-embeddings-micros...ft_word_document2.docx — malware analysis report

File info

Filename
word-embeddings-microsoft_word_document2.docx
File type
Microsoft Word 2007+
File size
371.6 KB
First seen
Last seen

Environment

w10/x64 en

Hashes

SHA1
85ab71cec2775dcba091952396fe2b959ac5a730
SHA256
c27b2f3aa6b1fbb0bdef4deb4526903667f4906415534b0e01a8ec1438886349
MD5
479f35cdb78889d130f9968ed81be273

Signatures

Execution

T1204.002 office_com_load: Microsoft Office loads COM DLL files (indicator of COM usage in macros)

Privilege Escalation

T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1134 opens_process_token: Opens the access token associated with a process
T1497 evasion_trustrecords: Attempts to detect Sandbox exploring trusted documents

Discovery

T1497 evasion_trustrecords: Attempts to detect Sandbox exploring trusted documents
T1083 checks_recent_files: Attempt to check recently opened files through registry

Command and Control

T1102.003 references_github: Contains links to cloud services of Github (potentially for malicious payload delivery)

Other

yara_rules: Static rules
test_check_service: Starts services
office_links: Office file contains external links
Managed XDR