Analysis

  • max time kernel
    3s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-12-2023 12:17

General

  • Target: 曹/资金调度、资金结算上线指引_20120516.docx
    (English gloss: a directory named 曹, the surname Cao, containing "Fund Dispatch and Fund Settlement Go-Live Guide_20120516.docx")
  • Size: 311KB
  • MD5: dc54d018fd87216b162c0b81a74230db
  • SHA1: fd2088ac235fb4c56088967ae0efd42c480fbe69
  • SHA256: 1e0e305e40a5efbb9aa30e2c6191dbcfd50363e595da066aa07f93a8a1190bd6
  • SHA512: d06eff4d06175a45d5517f9fbab7c0b31f758e8a9a66b037cacea2fabbb412de46607d7af9ecd8bcc3d73caa46299fa6b0ffdb011fca8493a91657439060014f
  • SSDEEP: 6144:Aoatrf5aTbfK+hxxuj6dsd+GkzMdG08oGpeGnzVxh/Q7ID/SeW:AndgTO+Zu4sd+AGZX1xxJQ7IzSZ

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE (PID 1528, tree depth 1; no child processes recorded)
    Command line: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\曹\资金调度、资金结算上线指引_20120516.docx" /o ""
    Signatures: Suspicious use of SetWindowsHookEx
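The run shows one WINWORD.EXE process with no children, nothing in the Network section, and a single generic signature; a SetWindowsHookEx hit is common for Office applications and on its own carries little weight, which is consistent with the 1/10 score. A quiet dynamic run still says nothing about what the document contains, so the following added example (the editor's code, not the sandbox's tooling) first verifies a local copy against the digests listed in the General section and then inspects the OOXML container statically for the content that would change the verdict: a VBA project, OLE or ActiveX parts, external relationships such as a remotely attached template, and DDE field codes. The .docx inputs are constructed in memory as stand-ins for the real sample; the digests are the report's own; the expectation that the 2-byte ExcludeDictionaryEN0409.lex is a bare UTF-16LE byte-order mark is an assumption and is labelled as such in the code.

```python
"""Static triage of the submitted .docx against the sandbox report.

Added example (editor's code, not the sandbox's tooling): verifies the file in
hand against the digests the report lists, then inspects the OOXML container
for the active content a low-scoring dynamic run cannot rule out by itself.
"""
import hashlib
import io
import re
import xml.etree.ElementTree as ET
import zipfile

# Digests copied from the report's General section for the submitted document.
REPORTED = {
    "md5": "dc54d018fd87216b162c0b81a74230db",
    "sha1": "fd2088ac235fb4c56088967ae0efd42c480fbe69",
    "sha256": "1e0e305e40a5efbb9aa30e2c6191dbcfd50363e595da066aa07f93a8a1190bd6",
    "sha512": "d06eff4d06175a45d5517f9fbab7c0b31f758e8a9a66b037cacea2fabbb412de"
              "46607d7af9ecd8bcc3d73caa46299fa6b0ffdb011fca8493a91657439060014f",
}

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"
# Field codes live in <w:instrText> runs or in the w:instr attribute of <w:fldSimple>.
DDE_FIELD = re.compile(rb'(?:<w:instrText[^>]*>|w:instr=")\s*DDE(?:AUTO)?\b')
ACTIVE_PARTS = (
    ("vba_project", re.compile(r"^word/vbaProject\.bin$")),
    ("ole_embedding", re.compile(r"^word/embeddings/")),
    ("activex", re.compile(r"^word/activeX/")),
)


def digests(data: bytes) -> dict:
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, reported: dict = REPORTED) -> bool:
    """True only when every digest the report lists matches the bytes in hand."""
    got = digests(data)
    return all(got[k] == v.lower() for k, v in reported.items())


def is_empty_exclude_dictionary(data: bytes) -> bool:
    # Assumption: the 2-byte ExcludeDictionaryEN0409.lex in the report is a UTF-16LE
    # byte-order mark with no entries, as written by Word's proofing tools on first use.
    # Anything larger than the BOM deserves a look.
    return data == b"\xff\xfe"


def external_relationships(rels_xml: bytes):
    """Yield (type, target) for every relationship that points outside the package."""
    root = ET.fromstring(rels_xml)
    for rel in root.iter(f"{{{REL_NS}}}Relationship"):
        if rel.get("TargetMode") == "External":
            yield rel.get("Type", ""), rel.get("Target", "")


def triage_docx(data: bytes) -> dict:
    """Flag VBA, OLE/ActiveX parts, external relationships, remote templates and DDE fields."""
    f = {"active_content": [], "external": [], "remote_template": False, "dde": False, "media": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            for label, pat in ACTIVE_PARTS:
                if pat.match(name):
                    f["active_content"].append((label, name))
            if name.startswith("word/media/"):
                f["media"].append(name)  # embedded pictures; Word renders these into Content.MSO
            if name.endswith(".rels"):
                for rtype, target in external_relationships(zf.read(name)):
                    f["external"].append((name, target))
                    if rtype == ATTACHED_TEMPLATE:
                        f["remote_template"] = True
            if name == "word/document.xml" and DDE_FIELD.search(zf.read(name)):
                f["dde"] = True
    f["benign"] = not (f["active_content"] or f["remote_template"] or f["dde"])
    return f


def build_docx(parts: dict) -> bytes:
    """Constructed stand-in for a real sample: a minimal OOXML container."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed test documents (not derived from the sample).
W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
PICTURE_ONLY = {
    "[Content_Types].xml": b"<Types xmlns='http://schemas.openxmlformats.org/package/2006/content-types'/>",
    "word/document.xml": f"<w:document xmlns:w='{W_NS}'><w:body><w:p/></w:body></w:document>".encode(),
    "word/media/image1.png": b"\x89PNG\r\n\x1a\n",
    "word/_rels/settings.xml.rels": f"<Relationships xmlns='{REL_NS}'/>".encode(),
}
REMOTE_TEMPLATE = {**PICTURE_ONLY, "word/_rels/settings.xml.rels": (
    f"<Relationships xmlns='{REL_NS}'><Relationship Id='rId1' Type='{ATTACHED_TEMPLATE}' "
    "Target='http://template.invalid/t.dotm' TargetMode='External'/></Relationships>").encode()}
DDE_DOC = {**PICTURE_ONLY, "word/document.xml": (
    f"<w:document xmlns:w='{W_NS}'><w:body><w:p><w:r><w:instrText> DDEAUTO "
    "c:\\windows\\system32\\cmd.exe \"/c calc.exe\"</w:instrText></w:r></w:p></w:body></w:document>").encode()}
MACRO_DOC = {**PICTURE_ONLY, "word/vbaProject.bin": b"\xd0\xcf\x11\xe0"}

if __name__ == "__main__":
    for label, parts in (("pictures only", PICTURE_ONLY), ("remote template", REMOTE_TEMPLATE),
                         ("dde field", DDE_DOC), ("vba project", MACRO_DOC)):
        print(label, triage_docx(build_docx(parts)))
```

Run it against the real sample by reading the file and checking `matches_report(data)` before `triage_docx(data)`; a digest mismatch means the copy in hand is not the one the report describes, and no finding from the static pass should be attributed to this run. Note that the three EMF files under Content.MSO in the Downloads section are Word's rendered copies of embedded pictures, so a `media` list that is non-empty while `benign` stays true is the expected shape for a document like this one.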

Network

MITRE ATT&CK Matrix


Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\63678D8D.emf
    Filesize: 37KB
    MD5: bf0878e35394984f325f9bd31486ebe9
    SHA1: d5e1fcf5cea61695debf6786d1603eae79b62032
    SHA256: e79f58b78e6a7bcacae6ada886ed67cf573110683154649259d00e7bc1f88ec7
    SHA512: e4d37cc9e90b19a4ad6e8e7aa39369eb7c4e2751cdd288dbf6b4c886047e65fc72ce4206b9dd3e4e977303de9861fe8c38da122ab791c4bcb770c1eefb7bb56d

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\954213E7.emf
    Filesize: 76KB
    MD5: c8e862c39cdfe338515c5a82c795bdbc
    SHA1: b6f397c0468e240ce9064d00e630e6a612588e5f
    SHA256: 68cfa6c8ca55cf531a1621a3973f0de45790c034791f79fc876c59ec6f0027d0
    SHA512: c8dd8033a0808d7879bfe15ab9b0419740c3e6385338ad52eae03dfcc796eb117eac28e53faaef1f56d40a1787aa1f89fe5592785008bb45d6a9795aec1c12c0

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\D9D80CBC.emf
    Filesize: 18KB
    MD5: 30bb6d7c2150b83ca654c7d24884b491
    SHA1: f7b1c1d436a461d881c01e6cf5994de58b2ed2d5
    SHA256: 65034e7e68535b260cb391cd6d6b5fbca7b812c1456884cd7b946cdde5581ab6
    SHA512: 7c0d4bdf942083043105e067b9da14edf57fd7c854d39c4578e7f3ac574be6d24f16b7057bcef41d2ca3458ed68fc06d2a8714eb0547b80dda43278bc9f4647a

  • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
    Filesize: 2B
    MD5: f3b25701fe362ec84616a93a45ce9998
    SHA1: d62636d8caec13f04e28442a0a6fa1afeb024bbb
    SHA256: b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
    SHA512: 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

  • memory/1528-<n>-<start>-<end>-memory.dmp: 29 dumps of PID 1528, where <n> is the dump number; every dump covers one of three regions

    0x00007FFDB1AD0000-0x00007FFDB1AE0000 (64KB): dumps 0, 1, 2, 4, 6, 101, 102, 103, 104
    0x00007FFDAF270000-0x00007FFDAF280000 (64KB): dumps 16, 20
    0x00007FFDF1A50000-0x00007FFDF1C45000 (2.0MB): dumps 3, 5, 7, 8, 9, 10, 11, 12, 13, 14, 15, 17, 18, 19, 72, 105, 106, 107