Analysis
- max time kernel: 0s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
- submitted: 27-12-2023 12:17
Behavioral tasks
- behavioral1: Sample: 9月资金预算--QQ直接接收/审计监察部-9月份资金预算表.vbs; Resource: win7-20231215-en
- behavioral2: Sample: 9月资金预算--QQ直接接收/审计监察部-9月份资金预算表.vbs; Resource: win10v2004-20231215-en
- behavioral3: Sample: 曹/关于上报资金预算的通知2012.8.27/关于上报资金预算的通知.docx; Resource: win7-20231129-en
- behavioral4: Sample: 曹/关于上报资金预算的通知2012.8.27/关于上报资金预算的通知.docx; Resource: win10v2004-20231215-en
- behavioral5: Sample: 曹/关于上报资金预算的通知2012.8.27/陕西北元化工集团有限公司资金预算表.vbs; Resource: win7-20231215-en
- behavioral6: Sample: 曹/关于上报资金预算的通知2012.8.27/陕西北元化工集团有限公司资金预算表.vbs; Resource: win10v2004-20231215-en
- behavioral7: Sample: 曹/新型煤化工调研表(北元化工).xls; Resource: win7-20231215-en
- behavioral8: Sample: 曹/新型煤化工调研表(北元化工).xls; Resource: win10v2004-20231215-en
- behavioral9: Sample: 曹/资金调度、资金结算上线指引_20120516.docx; Resource: win7-20231215-en
- behavioral10: Sample: 曹/资金调度、资金结算上线指引_20120516.docx; Resource: win10v2004-20231215-en
General
- Target: 曹/新型煤化工调研表(北元化工).xls
- Size: 108KB
- MD5: 7a6a6082abf0cbc5d3ea006b9f0c5897
- SHA1: e78b0d6bd93f8e91e7e721d598f89d70870aa033
- SHA256: fe4b9bf7a264eeeb984bc12f2e3c66eaea0b7ac052ec4f32516268aa73b3172f
- SHA512: 16fabb6c2bb3dbbe5d6b0defd63cead3e79fa13c00313540bc59458d29461c26c922eccce32c08b3651867c6031cc4fda76de82b24e3f42c32d206e8ba0c63ba
- SSDEEP: 3072:OD0l6Nc7yRzs1H75wkZUgsQ6NqTBun5o5PxWVbrzQ7I3kZYjhJtXwXK:vl6Nc7yRzs1H75wkZUgsQ6NqTBun5oBk
Malware Config
Signatures
- Views/modifies file attributes (1 TTPs, 1 IoCs)
  PID: 5092, Process: attrib.exe
Processes
- C:\Windows\system32\attrib.exe
  Command line: attrib -S -h "C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"
  Signature: Views/modifies file attributes
  PID: 5092
- C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c RD /S /Q "C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"
  PID: 4960
- C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c Del /F /Q "C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"
  PID: 448
- C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c attrib -S -h "C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"
  PID: 5060
- C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\曹\新型煤化工调研表(北元化工).xls"
  PID: 2320