47f67e5e2ebcef2afbce111a1f177527b65435ddd5720e7b57049bcc2f0ec916

Analysis

max time kernel
1s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 23:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

自筹资金/D.财务监理意见-2012年10月份自筹及市财力用款申请审核[2012-006].doc
Size

55KB
MD5

6c9b41fd244a3499e720d19e0aa723d0
SHA1

8a9b42db768c863a58a6103fd75ec65e4792eac8
SHA256

8f55c1691f9fc0aecf723235642ca03fb5436144cd5b80fde27ebe4447889b78
SHA512

74bc6974aa6d01e2d8b406876c383662c16d2905b7b69fb9f1eea6597c85af94345f09743b9379639c08e0dae9d635ef9b6f2da521d29c2f43fea687a228f77c
SSDEEP

768:PTnGc28CEKOv0rjMHkuNYHhn5Qs2xzzMke:PTnGcB0rQHklHhn5Qs21MZ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\MenuExt	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	WINWORD.EXE

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\自筹资金\D.财务监理意见-2012年10月份自筹及市财力用款申请审核[2012-006].doc"
1⤵
- Modifies Internet Explorer settings
PID:3000
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  PID:2248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm

Filesize
20KB

MD5
41d0958c23c6ef219562bd08cd6fd80f

SHA1
794d9f7c415d32b316db9786d400fb63119339b5

SHA256
d05ae80a737575498186542935547e051c1546fee822aaed020424073974ba69

SHA512
7515441c36f6c92207f1691c96917faff381eae04a2831fd0e9baa741760d19581b532bea5f0f79331cc4db55f9523bd8a8023573dfb52dcb55f3e44413eb629

Download Submit
memory/3000-0-0x000000002F701000-0x000000002F702000-memory.dmp

Filesize
4KB

Download
memory/3000-2-0x0000000070C0D000-0x0000000070C18000-memory.dmp

Filesize
44KB

Download
memory/3000-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/3000-11-0x0000000070C0D000-0x0000000070C18000-memory.dmp

Filesize
44KB

Download
memory/3000-26-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download