afa14bb2f5c6ab16dbe5c053acd8d9651b26e41e13ec05a1a959860f267a9ede

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 00:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

毕业设计---办公楼及食堂中央空调设计（含图纸）/毕业设计---办公楼及食堂.doc
Size

1.8MB
MD5

0e13c1df78c9a3ea689c6dcf6ecbd89f
SHA1

36b515013c672f58e1ec14eee17003663469d8ec
SHA256

58b4981a210ab666c27d3a0f189c50149662ecfe4ca04d8fd83447f0185f6bb6
SHA512

4b45b0c3d5df641666f78e6775d618dbdcfde835a5f56ea8db07f58e1b816bc0181f144c9ff688c0c289a0ce3d7a32a3981dd45965a5c7b21c86e95f2407c102
SSDEEP

6144:uBdFjJVl/cOjvvsSQ1OqoutG3kKHGzVvMoJKOhBUO1swsApgNcQRnJT5la5GwW5y:8d7Lf6OqNpFBGAgJFuuMjeA

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2616	WINWORD.EXE
2616	WINWORD.EXE

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
2616	WINWORD.EXE
2616	WINWORD.EXE
2616	WINWORD.EXE
2616	WINWORD.EXE
2616	WINWORD.EXE
2616	WINWORD.EXE
2616	WINWORD.EXE
2616	WINWORD.EXE
2616	WINWORD.EXE
2616	WINWORD.EXE
2616	WINWORD.EXE
2616	WINWORD.EXE
2616	WINWORD.EXE
2616	WINWORD.EXE
2616	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\毕业设计---办公楼及食堂中央空调设计（含图纸）\毕业设计---办公楼及食堂.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\10441889.wmf

Filesize
402B

MD5
1784e8b0bfdad02cc3fa5bde9dc32ae3

SHA1
4e86e3d2a31f3affd66b10dd1fa63e4194204425

SHA256
e74bc035b34e63e16a1345f31a355761d9be902a1479a2959eca3fc672399891

SHA512
b94f0122c5eda95b1fd9e674ff7098431a6ede937e9da514b918700869fb3876e8d3efb8afb11378a629e7b6fb0609df7a017f8b8a7d5ac624eb3c8663a96470

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\10F2E43A.wmf

Filesize
402B

MD5
7972e8a5756c3b5a41db4f175bdd789e

SHA1
c918cfb5cc0265e05e8d046f56e0afefd92a6b1c

SHA256
ce6857bc4fb9d7ab1273b9bc33186c18412582659d8b756a158be246f708173b

SHA512
09a7e2066ad5605e0e66bbcd51028811bcdaceb7d73334469b0c95d9b3ebd0dc2dbf43c2e8ac0650c0cd429032f29d156d0fa36871aa634c169fa08ef6f59984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\30EC23B.wmf

Filesize
402B

MD5
cdb05f1156d0d963fe1719eeb18bb234

SHA1
7fbc65cc94cf59e050037209946df12ca8c0ac63

SHA256
d0fe5bdc89554093def9da1d2e24aeb1be71a6d9b60a541aabc4966a62e7ae47

SHA512
72f24b23bca2780bbf4f3193494a5c70e051cfc5e8a5119599ed32257c34515e5b7c8b3c3f8db9fab8b8fc145fa05388473edb82448ec39e9021c32771daadbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\36BE0883.wmf

Filesize
402B

MD5
0efe4417728973d616a70a07d11e342b

SHA1
84b14a605a7edc1555ea255dd45cf706d0b3e1b3

SHA256
65f8f6c986163babc6bfe604bd562df5d4dfbc326d7400afad640ca019ff0543

SHA512
b8528e2feeb0ec0bd0c3ffa208ac9e66bdc3b6425bfffaa9ff49a62f0d850053b585b6dbd84060a0062f0a7ce07490e09123aa5e4a5cd2badc245f71856126b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\4760163E.wmf

Filesize
900B

MD5
55699d9f9e4d0d99fdc2725d1fc1a64c

SHA1
4a16a8ec8497c467a76872f1c8fbad310990fb2f

SHA256
5b784c112ba5b96dfb99c91cdbd4195a3e1c4fccb2fdd252135d451084ff6563

SHA512
cc565b95d876d38734124485579a5682ebdec71fedd72149d5bc7a58302d83228eebec9cb396e448e374b36adbb7452490c5855a5d2f90ac93f16d253846188a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\6DD42FDE.wmf

Filesize
402B

MD5
1b6f01ae99e647987d9848990a1e3c72

SHA1
c25172a53a9f669bd031917def02895f0283cec6

SHA256
7f49afef683f780e2ec9ff002cc0bfe80216e4f0d473c031de2a98106b09f954

SHA512
415eb58ea7ed32c7df98599d18305cb20374c242069faf397ae0f913c87ad7d63c2a3b155a8259af728e00c8f09d2d9819201b7ab360cf9b7d2167128c14276b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\9D26E858.wmf

Filesize
402B

MD5
1e1f65eccdcb1e665cbce9ae100b0be2

SHA1
0d15cc9e147ac1162686ddab3d055735d7e7c334

SHA256
dd135bad7341b5daa18e3dcfc503f7a229b3815452579627906760c014b6a87f

SHA512
a812b72c9019b82df0666ed249cd233b5166fee94904e28301930892347b34ec3beabbac12c532d774bca028cafae3f927d54c218bd739c4235bc02bebea1a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\E2D6D47F.wmf

Filesize
314B

MD5
e173bbf4464794d60a79c979e90c20fc

SHA1
1252d35519457a1c412f371512df1fdaacb36723

SHA256
8b804b1c64f116c627c6c8a995140ff6059749dbee2ffcecd640c4aade5c590e

SHA512
75b68ed7674d48257c362f66ff0da3fe2633210d1b3ce734298103582ee7a3759b3328f71e4b90ce93cd65d48f8cff5780ef38ee590478d6f48be5c312c0ea21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\ECEEB2F3.wmf

Filesize
402B

MD5
36ec214c39d51a416142021e72ab20c0

SHA1
530318def4867bcc66d886a4b42e47eaa389c382

SHA256
e1e58a0d6144134d8d2e49108affb1872f89e00ad3dcf76bbee797d68644e454

SHA512
5c317db2b89528d27053105946e2ca24a691e3ae3e6ab996551b60d122ca0f23317d884c57fa417ad4d4ecd45cda36c7434a09050e55d09afb6dce2b2b4c663d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCD819C.tmp\gb.xsl

Filesize
262KB

MD5
51d32ee5bc7ab811041f799652d26e04

SHA1
412193006aa3ef19e0a57e16acf86b830993024a

SHA256
6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97

SHA512
5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/2616-10-0x00007FFDA1270000-0x00007FFDA1465000-memory.dmp

Filesize
2.0MB

Download
memory/2616-7-0x00007FFDA1270000-0x00007FFDA1465000-memory.dmp

Filesize
2.0MB

Download
memory/2616-15-0x00007FFDA1270000-0x00007FFDA1465000-memory.dmp

Filesize
2.0MB

Download
memory/2616-18-0x00007FFDA1270000-0x00007FFDA1465000-memory.dmp

Filesize
2.0MB

Download
memory/2616-17-0x00007FFDA1270000-0x00007FFDA1465000-memory.dmp

Filesize
2.0MB

Download
memory/2616-16-0x00007FFDA1270000-0x00007FFDA1465000-memory.dmp

Filesize
2.0MB

Download
memory/2616-19-0x00007FFDA1270000-0x00007FFDA1465000-memory.dmp

Filesize
2.0MB

Download
memory/2616-22-0x00007FFDA1270000-0x00007FFDA1465000-memory.dmp

Filesize
2.0MB

Download
memory/2616-21-0x00007FFD5F290000-0x00007FFD5F2A0000-memory.dmp

Filesize
64KB

Download
memory/2616-20-0x00007FFDA1270000-0x00007FFDA1465000-memory.dmp

Filesize
2.0MB

Download
memory/2616-14-0x00007FFDA1270000-0x00007FFDA1465000-memory.dmp

Filesize
2.0MB

Download
memory/2616-13-0x00007FFDA1270000-0x00007FFDA1465000-memory.dmp

Filesize
2.0MB

Download
memory/2616-12-0x00007FFD5F290000-0x00007FFD5F2A0000-memory.dmp

Filesize
64KB

Download
memory/2616-1-0x00007FFD612F0000-0x00007FFD61300000-memory.dmp

Filesize
64KB

Download
memory/2616-11-0x00007FFDA1270000-0x00007FFDA1465000-memory.dmp

Filesize
2.0MB

Download
memory/2616-9-0x00007FFDA1270000-0x00007FFDA1465000-memory.dmp

Filesize
2.0MB

Download
memory/2616-8-0x00007FFDA1270000-0x00007FFDA1465000-memory.dmp

Filesize
2.0MB

Download
memory/2616-6-0x00007FFDA1270000-0x00007FFDA1465000-memory.dmp

Filesize
2.0MB

Download
memory/2616-5-0x00007FFD612F0000-0x00007FFD61300000-memory.dmp

Filesize
64KB

Download
memory/2616-4-0x00007FFDA130D000-0x00007FFDA130E000-memory.dmp

Filesize
4KB

Download
memory/2616-3-0x00007FFD612F0000-0x00007FFD61300000-memory.dmp

Filesize
64KB

Download
memory/2616-0-0x00007FFD612F0000-0x00007FFD61300000-memory.dmp

Filesize
64KB

Download
memory/2616-2-0x00007FFD612F0000-0x00007FFD61300000-memory.dmp

Filesize
64KB

Download
memory/2616-692-0x00007FFDA1270000-0x00007FFDA1465000-memory.dmp

Filesize
2.0MB

Download
memory/2616-693-0x00007FFDA1270000-0x00007FFDA1465000-memory.dmp

Filesize
2.0MB

Download
memory/2616-842-0x00007FFD612F0000-0x00007FFD61300000-memory.dmp

Filesize
64KB

Download
memory/2616-841-0x00007FFD612F0000-0x00007FFD61300000-memory.dmp

Filesize
64KB

Download
memory/2616-843-0x00007FFD612F0000-0x00007FFD61300000-memory.dmp

Filesize
64KB

Download
memory/2616-844-0x00007FFD612F0000-0x00007FFD61300000-memory.dmp

Filesize
64KB

Download
memory/2616-845-0x00007FFDA1270000-0x00007FFDA1465000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads