Analysis
max time kernel: 179s
max time network: 238s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-11-2022 19:34
Static task: static1
Behavioral task: behavioral1
Sample: 综布标准模版(附CAD图)/综布标准模版(附CAD图)/综合布线标准模板.doc
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 综布标准模版(附CAD图)/综布标准模版(附CAD图)/综合布线标准模板.doc
Resource: win10v2004-20221111-en
General
Target: 综布标准模版(附CAD图)/综布标准模版(附CAD图)/综合布线标准模板.doc (Chinese; the directory name reads "cabling standard template (with CAD drawings)" and the file name "structured cabling standard template")
Size: 265KB
MD5: 780d838bf210f7baadc96bde7aa83eab
SHA1: 4ab18c4a4f4374b4504f792a7bec7d127098447c
SHA256: fe4d50d94926f6513df1a7449450b4cb5ed36bf5cec7f9406cdc043a25feb644
SHA512: efb2444ab681ba9e6543b8374e3d3231cc6b7d0bddf873e6e0c024da0322d60de71f5a19db995f7866f4d50e6a770c771ee1d2e94010a40e5751637cb345d8cf
SSDEEP: 3072:ovUFldNi7QkMrmBoVRcCZxWDptN/+8KoyEg9T7:oo3i7QkvoPZEDp3/1K/9
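As an added check that is not part of the original report: a Python helper that streams a local copy of the sample through MD5, SHA-1, SHA-256 and SHA-512 in one pass and compares each digest with the values listed above, so that a file obtained from another source can be confirmed to be the same object before any further handling. The expected digests are copied from the report; the file path in the usage stanza is an assumption. SSDEEP is left out because the standard library has no implementation of it.

```python
import hashlib
import io
from typing import BinaryIO, Dict, Iterable

# Digests copied from the report above (hex, lowercase).
REPORTED: Dict[str, str] = {
    "md5": "780d838bf210f7baadc96bde7aa83eab",
    "sha1": "4ab18c4a4f4374b4504f792a7bec7d127098447c",
    "sha256": "fe4d50d94926f6513df1a7449450b4cb5ed36bf5cec7f9406cdc043a25feb644",
    "sha512": (
        "efb2444ab681ba9e6543b8374e3d3231cc6b7d0bddf873e6e0c024da0322d60d"
        "e71f5a19db995f7866f4d50e6a770c771ee1d2e94010a40e5751637cb345d8cf"
    ),
}


def digest_stream(stream: BinaryIO,
                  algorithms: Iterable[str] = ("md5", "sha1", "sha256", "sha512"),
                  chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Feed the stream through every requested hash in a single read pass."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (used by the tests)."""
    return digest_stream(io.BytesIO(data))


def compare_digests(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match result; comparison is case-insensitive and whitespace-tolerant."""
    return {
        name: actual.get(name, "").lower() == value.strip().lower()
        for name, value in expected.items()
    }


def verify_file(path: str, expected: Dict[str, str] = REPORTED) -> Dict[str, bool]:
    """Hash a file on disk and compare against the report's digests."""
    with open(path, "rb") as fh:
        return compare_digests(digest_stream(fh), expected)


if __name__ == "__main__":
    # Assumed local path to a copy of the sample; adjust before running.
    results = verify_file("sample.doc")
    for name, ok in results.items():
        print(f"{name:7s} {'match' if ok else 'MISMATCH'}")
    if not all(results.values()):
        raise SystemExit("file does not match the report; do not treat it as this sample")
```

A mismatch on any one algorithm means the local file is not the object the report describes, regardless of how many of the other digests agree.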
Malware Config: (none)
Signatures
-
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments. WINWORD.EXE also reads these values when opening benign documents, so on its own this signature is a weak indicator; in this run WINWORD.EXE is the only process recorded, and the report lists no network activity, dropped files or child processes.
Processes:
description | ioc | process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
description | ioc | process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE
Suspicious behavior: AddClipboardFormatListener (2 IoCs)
Processes:
pid | process
1452 | WINWORD.EXE (2 calls)
Suspicious use of SetWindowsHookEx (17 IoCs)
Processes:
pid | process
1452 | WINWORD.EXE (17 calls)
Both this signature and AddClipboardFormatListener are triggered by Word's normal start-up (clipboard monitoring and UI message hooks) and carry little weight unless another process or a later stage shows the same behaviour.
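The two registry signatures above arrive as flattened "description / ioc / process" rows. As an added example (not part of the report or of the sandbox's own tooling), the Python below parses those rows back into records, tags each key against a small illustrative list of hardware-fingerprinting locations, and reports whether any process other than the Office host touched them, which is the question that decides whether the signature deserves follow-up. The sample rows are copied from this report; the prefix list and the set of Office image names are assumptions made for the example.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple


class RegistryIoc(NamedTuple):
    action: str    # "Key opened" or "Key value queried"
    path: str      # registry path exactly as the sandbox logged it
    process: str   # image name of the process that performed the access


# One flattened row holds several "<action> <path> <process>" triples in sequence.
ROW_RE = re.compile(
    r"(Key opened|Key value queried)\s+(\\REGISTRY\\\S+)\s+(\S+?\.EXE)",
    re.IGNORECASE,
)

# Constructed input: the two signature rows from this report, verbatim.
SAMPLE_ROWS = [
    "WINWORD.EXEdescription ioc process "
    "Key opened \\REGISTRY\\MACHINE\\Hardware\\Description\\System\\CentralProcessor\\0 WINWORD.EXE "
    "Key value queried \\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\~MHz WINWORD.EXE "
    "Key value queried \\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\ProcessorNameString WINWORD.EXE -",
    "WINWORD.EXEdescription ioc process "
    "Key opened \\REGISTRY\\MACHINE\\Hardware\\Description\\System\\BIOS WINWORD.EXE "
    "Key value queried \\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemFamily WINWORD.EXE "
    "Key value queried \\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemSKU WINWORD.EXE -",
]

# Assumed, illustrative list of HKLM subtrees commonly read to fingerprint the host.
FINGERPRINT_PREFIXES: Dict[str, str] = {
    "hardware\\description\\system\\centralprocessor": "cpu model / clock",
    "hardware\\description\\system\\bios": "bios / system vendor",
}

# Document hosts whose own start-up reads these keys (assumed set for the example).
OFFICE_IMAGES = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE"}


def parse_rows(rows: List[str]) -> List[RegistryIoc]:
    """Recover the (action, path, process) triples from flattened table rows."""
    found = []
    for row in rows:
        for action, path, proc in ROW_RE.findall(row):
            found.append(RegistryIoc(action, path, proc.upper()))
    return found


def classify(ioc: RegistryIoc) -> str:
    """Map a logged key to a fingerprinting category, or 'other'."""
    rel = ioc.path.lower()
    hklm = "\\registry\\machine\\"
    if rel.startswith(hklm):
        rel = rel[len(hklm):]
    for prefix, label in FINGERPRINT_PREFIXES.items():
        if rel.startswith(prefix):
            return label
    return "other"


def triage(rows: List[str]) -> Dict[str, object]:
    """Summarise who read what, and whether a non-Office process is involved."""
    iocs = parse_rows(rows)
    by_process = Counter(i.process for i in iocs)
    by_category = Counter(classify(i) for i in iocs)
    non_office = sorted(p for p in by_process if p not in OFFICE_IMAGES)
    verdict = ("non-Office process read fingerprinting keys: escalate"
               if non_office else
               "only the Office host read fingerprinting keys: weak signal on its own")
    return {
        "iocs": len(iocs),
        "by_process": dict(by_process),
        "by_category": dict(by_category),
        "non_office_processes": non_office,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_ROWS).items():
        print(f"{key}: {value}")
```

For this report the summary shows six key accesses, all by WINWORD.EXE, split evenly between the CPU and BIOS subtrees; the same parser applied to a report where a dropped executable reads those keys would list that image under non_office_processes.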
Processes
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE (PID 1452)
Command line: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\综布标准模版(附CAD图)\综布标准模版(附CAD图)\综合布线标准模板.doc" /o ""
Signatures matched by this process:
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
No child processes were recorded.
Network
MITRE ATT&CK Enterprise v6
Downloads
Memory dumps of PID 1452, all 64KB:
- memory/1452-132-0x00007FF9A5870000-0x00007FF9A5880000-memory.dmp
- memory/1452-133-0x00007FF9A5870000-0x00007FF9A5880000-memory.dmp
- memory/1452-134-0x00007FF9A5870000-0x00007FF9A5880000-memory.dmp
- memory/1452-135-0x00007FF9A5870000-0x00007FF9A5880000-memory.dmp
- memory/1452-136-0x00007FF9A5870000-0x00007FF9A5880000-memory.dmp
- memory/1452-137-0x00007FF9A32E0000-0x00007FF9A32F0000-memory.dmp
- memory/1452-138-0x00007FF9A32E0000-0x00007FF9A32F0000-memory.dmp