Overview
overview, score 10
Static
static, score 8
关于公�...�2.doc, windows7-x64, score 4
关于公�...�2.doc, windows10-2004-x64, score 1
关于公�...��.doc, windows7-x64, score 4
关于公�...��.doc, windows10-2004-x64, score 1
关于公�...��.xls, windows7-x64, score 10
关于公�...��.xls, windows10-2004-x64, score 10
关于公�...��.xls, windows7-x64, score 10
关于公�...��.xls, windows10-2004-x64, score 10
关于公�...�3.doc, windows7-x64, score 1
关于公�...�3.doc, windows10-2004-x64, score 1
Analysis
max time kernel: 141s
max time network: 160s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
submitted: 31/12/2023, 05:26
Behavioral task
behavioral1
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语8号附件2.doc
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语8号附件2.doc
Resource
win10v2004-20231222-en
Behavioral task
behavioral3
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.doc
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.doc
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.xls
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.xls
Resource
win10v2004-20231215-en
Behavioral task
behavioral7
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.xls
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.xls
Resource
win10v2004-20231215-en
Behavioral task
behavioral9
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012〕8号附件3.doc
Resource
win7-20231215-en
Behavioral task
behavioral10
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012〕8号附件3.doc
Resource
win10v2004-20231215-en
General
Target: 关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.doc
Size: 33KB
MD5: 045dcd88c48553d73ec26a01e03cadce
SHA1: 26af2d322fc3ea6be6f71351e6502490a6f07dda
SHA256: c116a3f1b0ed9fafe6338269a051f34fcf9386da9456f6d8402c7eb8bad3e5cb
SHA512: ebadc920f0beb8b8d71ca90243220f979332e1b7e7c66f4ce7dc87c754f17a20443bf54a1d748c5ad32456334bd412042628fd70756d09c1f2131221643221c7
SSDEEP: 384:uXGBTCXDEKdZtCLmA7aMQz3DfChDU3QuZMdFMjSy9vi:1g1dZtCLmAwfChDZu2yZi
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
- Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (Process: WINWORD.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (Process: WINWORD.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (Process: WINWORD.EXE)
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\Hardware\Description\System\BIOS (Process: WINWORD.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily (Process: WINWORD.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU (Process: WINWORD.EXE)
Suspicious behavior: AddClipboardFormatListener (2 IoCs)
- pid 1312, Process WINWORD.EXE (2 entries)
Suspicious use of SetWindowsHookEx (14 IoCs)
- pid 1312, Process WINWORD.EXE (14 entries)
Processes
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知\闽教语〔2012��.doc" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID: 1312