Overview

overview

10

Static

static

1

猪八戒�...cx.lnk

windows7-x64

10

猪八戒�...cx.lnk

windows10-2004-x64

10

猪八戒�...33.vbs

windows7-x64

10

猪八戒�...33.vbs

windows10-2004-x64

10

猪八戒�...es.dll

windows7-x64

3

猪八戒�...es.dll

windows10-2004-x64

3

猪八戒�.../pp.py

windows7-x64

3

猪八戒�.../pp.py

windows10-2004-x64

3

猪八戒�...on.exe

windows7-x64

1

猪八戒�...on.exe

windows10-2004-x64

1

猪八戒�...37.dll

windows7-x64

3

猪八戒�...37.dll

windows10-2004-x64

3

猪八戒�...�.docx

windows7-x64

4

猪八戒�...�.docx

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    16-08-2023 07:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    猪八戒股份有限公司-需求/营业执照/.__MACOS__/猪八戒股份有限公司需求.docx

  • Size

    11KB

  • MD5

    e7c154beecc81b84a9eaeb55b52f233d

  • SHA1

    42d563e3500a057e75f3ff7ac52c3982b3a23ae0

  • SHA256

    88a1eb52b76e38eed5270479d2a4d332b4f7d2492dea9cc163665fbfbc658337

  • SHA512

    08fce4fc59640be1bb7499fb01da427775b6e8d2b5191d309ef73180d8be9fee3b899a58e644e53a9de40b2824c4a41347a1134ada750c48e81fe04f0a9b659f

  • SSDEEP

    192:6isXuVxbdN4XdsX1eLQQcH+pUUyR53ZGND1G+lcy58GH67gE6rUmfw5V5EJrmsvV:6deVBd2eo2eErpGND1Gf4f7f47armsIE

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\猪八戒股份有限公司-需求\营业执照\.__MACOS__\猪八戒股份有限公司需求.docx"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2496

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
      Filesize

      20KB

      MD5

      8cda667af90bd69d162b40016b639980

      SHA1

      70a2d33711958011892587265e681bf8640e4ffd

      SHA256

      133b5e6ff912419d63b2f3380b961d1e8c5e4bd028574dbedfef483a0e93fc85

      SHA512

      e4b051dbd22c62ae359144c930179670b2da41a4030ec7a207a703a004c9104b1b5539291e9542ecff6b869ba6c954afe4c4457f84d16b3d19775d54d46e339e

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
      Filesize

      2B

      MD5

      f3b25701fe362ec84616a93a45ce9998

      SHA1

      d62636d8caec13f04e28442a0a6fa1afeb024bbb

      SHA256

      b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

      SHA512

      98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

      Download Submit

    • memory/2372-54-0x000000002F120000-0x000000002F27D000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/2372-55-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2372-56-0x000000007161D000-0x0000000071628000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2372-74-0x000000002F120000-0x000000002F27D000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/2372-75-0x000000007161D000-0x0000000071628000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2372-93-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2372-94-0x000000007161D000-0x0000000071628000-memory.dmp

      Filesize

      44KB

      Download