Extended Key Usages
ExtKeyUsageCodeSigning
Static task: static1
Behavioral task: behavioral1
Sample: OfficeClickToRun.exe
Resource: win10v2004-20230221-en
Target: OfficeClickToRun.exe
Size: 5.0MB
MD5: 305b489297b55ca1a0ea90104635a57d
SHA1: 70f6653d653b8aa1727241d687e75e10e8113412
SHA256: 09b25f421a7e8beda58978dfc5ddea254d59c595dcac7f2ed8f799963111ae9b
SHA512: cfc4ea7b324aa3891df390b0f535a69b625100216d87a214e18e51f34aa4043cadefa718912c483bf39c497a195b5abbc418e8e5bd75f942ed47c751b29c7466
SSDEEP: 98304:hgrgH1HJzOyoKD1i5D+ZAzruaI6HMaJTtGbd:eK1ppoKxi5DQVaI6HMaJTtGbd
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
RegCreateKeyExW
RegCloseKey
EventUnregister
EventRegister
EventWriteTransfer
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
RegDeleteTreeW
RegDeleteKeyW
RegGetValueW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
GetTokenInformation
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
OpenProcessToken
GetLengthSid
CopySid
InitializeAcl
AddAccessAllowedAce
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
ConvertSidToStringSidA
CheckTokenMembership
CreateWellKnownSid
EqualSid
RevertToSelf
RegEnumValueA
RegDeleteValueA
RegGetValueA
RegNotifyChangeKeyValue
EventWrite
CoUninitialize
CoRevokeInitializeSpy
CoRegisterInitializeSpy
CreateStreamOnHGlobal
CoInitialize
IIDFromString
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CLSIDFromString
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CoInitializeEx
VariantClear
VariantInit
GetDeviceCaps
GetAdaptersInfo
GetCommandLineW
GetCommandLineA
SetStdHandle
CompareStringW
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
GetOEMCP
ExitProcess
GetStdHandle
FreeLibraryAndExitThread
ExitThread
GetConsoleOutputCP
ReadConsoleW
GetEnvironmentStringsW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
InitializeCriticalSectionAndSpinCount
GetCPInfo
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetConsoleMode
WriteConsoleW
GetCurrentProcess
GetModuleHandleExW
GetLastError
CompareStringEx
GetProcAddress
FreeLibrary
IsWow64Process
MultiByteToWideChar
RaiseException
InitializeCriticalSectionEx
DeleteCriticalSection
DecodePointer
SetLastError
DeactivateActCtx
ActivateActCtx
LoadLibraryW
FindActCtxSectionStringW
CreateActCtxW
GetModuleFileNameW
QueryActCtxW
OutputDebugStringA
LocalFree
FindClose
UnmapViewOfFile
CreateFileA
CloseHandle
CreateFileMappingA
GetFileSize
MapViewOfFile
Sleep
GetStringTypeExW
GetUserDefaultLCID
LoadLibraryA
LCMapStringW
FormatMessageA
LocalAlloc
CreateEventExW
GlobalMemoryStatusEx
LoadLibraryExW
GetModuleHandleW
VerSetConditionMask
VerifyVersionInfoW
GetVersionExW
WideCharToMultiByte
InitializeSRWLock
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
GetProcessTimes
GetTickCount64
GetSystemTimeAsFileTime
TerminateProcess
GetModuleFileNameA
GetShortPathNameA
K32GetModuleFileNameExW
CreateProcessW
FindResourceW
SizeofResource
LoadResource
OpenProcess
GetCurrentProcessId
GetUserDefaultLocaleName
IsValidCodePage
GetSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
GetCPInfoExW
GetDiskFreeSpaceExW
CreateFileW
VirtualProtect
GetComputerNameW
FormatMessageW
GetLogicalProcessorInformation
GetNativeSystemInfo
GetSystemDirectoryW
HeapFree
HeapAlloc
GetProcessHeap
ReleaseMutex
CreateMutexExW
OpenMutexW
WaitForSingleObjectEx
EnterCriticalSection
GetCurrentThreadId
TryEnterCriticalSection
LeaveCriticalSection
SetEvent
GetFileAttributesExW
CreateDirectoryW
FindFirstFileExW
DeleteFileW
FindNextFileW
GetFileTime
ReadFile
GetFileSizeEx
SetFilePointerEx
GetTempFileNameW
GetFileAttributesW
CreateFileMappingW
FlushViewOfFile
GetFileType
SetFilePointer
GetOverlappedResult
SetFileInformationByHandle
ExpandEnvironmentStringsW
GetFullPathNameW
GetTempPathW
CreateMutexW
ReleaseSemaphore
WaitForMultipleObjects
GetCurrentThread
OpenEventA
CreateEventA
OpenMutexA
CreateMutexA
OpenSemaphoreA
CreateSemaphoreA
OpenFileMappingA
GlobalAlloc
GlobalFree
WaitForMultipleObjectsEx
GetProcessAffinityMask
CreateWaitableTimerW
SetWaitableTimerEx
CancelWaitableTimer
QueryDepthSList
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
RtlCaptureStackBackTrace
DeleteFileA
GetTempPathA
ProcessIdToSessionId
GetExitCodeThread
FlsFree
FlsAlloc
WriteFile
GetPriorityClass
GetExitCodeProcess
GetTimeZoneInformation
IsValidLocale
GetTickCount
ResetEvent
CreateThread
CreateEventW
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForSingleObject
GetLocaleInfoEx
LCIDToLocaleName
LocaleNameToLCID
GetLocaleInfoW
ResolveLocaleName
GetUserPreferredUILanguages
GetACP
LockResource
EnumSystemLocalesEx
GetSystemDefaultLocaleName
GetFileAttributesA
LoadLibraryExA
LCMapStringEx
GetSystemDefaultLCID
GetUserGeoID
GetLongPathNameW
GetFinalPathNameByHandleW
GetSystemPowerStatus
AreFileApisANSI
HeapCreate
GetDiskFreeSpaceW
LockFile
InitializeCriticalSection
GetFullPathNameA
SetEndOfFile
UnlockFileEx
HeapValidate
HeapSize
GetDiskFreeSpaceA
OutputDebugStringW
HeapReAlloc
GetSystemInfo
HeapCompact
HeapDestroy
UnlockFile
LockFileEx
QueryPerformanceCounter
FlushFileBuffers
K32GetProcessMemoryInfo
SetFileTime
CancelIoEx
GetPhysicallyInstalledSystemMemory
GetProductInfo
QueryPerformanceFrequency
WerRegisterMemoryBlock
WerUnregisterMemoryBlock
QueryFullProcessImageNameW
CreateIoCompletionPort
PostQueuedCompletionStatus
GetThreadIOPendingFlag
GetQueuedCompletionStatus
FlsSetValue
FlsGetValue
IsDebuggerPresent
GetStartupInfoW
CreateMemoryResourceNotification
IsSystemResumeAutomatic
QueryUnbiasedInterruptTime
RtlCaptureContext
SwitchToThread
VirtualQuery
GetLocalTime
DeviceIoControl
EncodePointer
SleepConditionVariableCS
InitializeConditionVariable
GetFileInformationByHandleEx
RtlPcToFileHeader
GetStringTypeW
InitOnceBeginInitialize
InitOnceComplete
InetNtopW
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ