9669d01ac7c432a79c329f4bec5df37c070ad65ccb5007987109411412b58afd

Analysis

max time kernel
146s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31-05-2024 11:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TRANSCEND-SM32X-PV1.2.44-BY-USBDEV-Q1022/UFD_MP/FactoryDriver/Documents_for_SMI_Driver.doc
Size

391KB
MD5

69e50539ed3640a5233ad7963d83d779
SHA1

beb2d2cf8fa91c9b1f3350ec11704f25b9182288
SHA256

31ba4b475fbf247537245573f97e50ed946f57845282456c2fecdf94b0b73c48
SHA512

bf92f44570051246045d81928a545f3ad0fe6bb4c6982674d853397d80773972c19ddb64c06ae1d36709d2411a0d528aaebb3bee51a32b4d6e75914c5c64b249
SSDEEP

6144:MiVi+xZo/mAKBGLU9xYauC6p3qvte3Vm2mWQNgD1UsX+Sm8CA4ialo8Ij:MiViYZ0GQU967C6p3moVmJNLsX/PCAO

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
1468	WINWORD.EXE
1468	WINWORD.EXE

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
1468	WINWORD.EXE
1468	WINWORD.EXE
1468	WINWORD.EXE
1468	WINWORD.EXE
1468	WINWORD.EXE
1468	WINWORD.EXE
1468	WINWORD.EXE
1468	WINWORD.EXE
1468	WINWORD.EXE
1468	WINWORD.EXE
1468	WINWORD.EXE
1468	WINWORD.EXE
1468	WINWORD.EXE
1468	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\TRANSCEND-SM32X-PV1.2.44-BY-USBDEV-Q1022\UFD_MP\FactoryDriver\Documents_for_SMI_Driver.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\15E28E94.emf

Filesize
124KB

MD5
ec8ca3a286271a1e81feb62864663ea7

SHA1
d66be03227b4542f958bd0ea642b507c0cc6c048

SHA256
4f7ddf09c6c0df3d3393164f926f33049f0d1a2e333bfdeafd5f5761b2934567

SHA512
cb187c4a94a8f8610c0584af598083278eaa6e1c269cdf075fcd088baf41c9a17fc85eb8c9708a5e0b324a8f9ef33c8d029ef45288b0003d463f0fe4d01759de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\19F3272A.emf

Filesize
189KB

MD5
ef6436d61458cf2e9ebc3e1f9f9b90bc

SHA1
d8aa820c992890f76438dbdeb90055fafa74878c

SHA256
efdf341d96739298865e366e3afc7e81026f96d81cfaba52d6e4962209ed2f83

SHA512
6797af1f6dc919d10433dc7b23c7d952c31bd934c25a7f65833ed8783d3df248302f820fc0576e774dc69869d0b788cbcfdaf896f12e66477dc770ac3f257663

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\2CFB0B92.emf

Filesize
126KB

MD5
0a4fbcbca44f4b920de830ad3b59f4cb

SHA1
811145165d085b018cb481dfb6a54a346a26faca

SHA256
c14aeb882f9e150d3a4a6869a4daaf0494e821445dab5b8d709b8bc850134d8c

SHA512
dc21c4531d078a97e0a5e409d9a55fcff424e19d5fa0a56a977a24d1337ac88235a378629a2bdd1e3d7d56b338fd3ca1fa7e11dd1c2ef9a1ca448e2292fa0cde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\2E8532B1.emf

Filesize
381KB

MD5
ae2fcb865bbe42d9b2e673dfacf5542a

SHA1
e6ee1bcbaa71c36cb85d26512c9147d532e3cf17

SHA256
f77dd0cd19db091aa3d8082fa899c67f2c5fdbe46ac5a09a93128edb3bc808d3

SHA512
a8bf6f277e063039c10df0bdf9563205d08f38039ec1b2964dddcaf5e3d092142b5ce0ef9d9b88ae6cb8735be1a3a4e2ee1f8d2553ff184ad8bae12e46ad17b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\52FA3F1F.emf

Filesize
118KB

MD5
74ae5b87445017eabf973cfd6fb5b0f8

SHA1
723f431d5957a8be4f171524832d3c7f36c9abe2

SHA256
3cfd2b7a2856ca014cfdd3983032045fb2c5d98eec607f19c6bfad0c5f2fd1dc

SHA512
dcc02de339abd9cb4446267631da33b4e0c8bd8c689874cdfd9030e4db440b74a9e28d3aaac1678168799d3597cd74c9dd3ff8e0900bca2a682b9be8bfe8d53d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\60DB923.emf

Filesize
65KB

MD5
683527bb1766a155c972cf68e2ca39f5

SHA1
b27c5f69d908bedbc6718327c1610927b8ac4a6a

SHA256
6e303f052368fd5cad92212f4ac5d484e20290de2c4c2e0881a24f9db6535b90

SHA512
91eba018cb92999dc3d02e4a07864e2a9c7e69ed4a8af133edc58a78bc8e5bdd730bd1ff90b4ea496cc4f63ff83f143fdcea69fa8006fd505ad50ee8efd33833

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\623F18FE.emf

Filesize
373KB

MD5
56d53402cbfc21804549678513669813

SHA1
e7f63b8ae72b80dfa6e164d5b97c90c2d2edfc40

SHA256
334e4ce90f830d859f61be88d1ebd1c80dd6fc30d783e9fb50d1c98486eca023

SHA512
c0f50182d1b9b507ae5675d6112bf2013b6dab53e032468955133c6b27ea9ce9673c031200dcb477ed936b9672a4357f88d63fc0962329faffd8afea0fe630ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\709DC26B.emf

Filesize
43KB

MD5
b389e725078091321136b913f85abb07

SHA1
2d56546a9229e211fea491940421b4ec3b166c7f

SHA256
919ed054c2e5fd156000afbde2007372aa3ec4f8c1a079efec44e9a7b1961df8

SHA512
7cf119af8b167c62818138dbae1193c5b2c45224eb5b3bf21ab7a8e9a61ec0fcdede81d1640ded299349cbb9dc0034e3690743cc352bc55faedaa7502c0ff824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\7F733A8D.emf

Filesize
374KB

MD5
4f25f5728e0e92114d60503aa065afda

SHA1
58ab5a2500e29c808184ad021b555bc5847135b9

SHA256
b9693715c5f3b9998e46f5ffe58721871785066b327b2270cdface6c657735ce

SHA512
a54170b1f1893dad0633bc04720841457f49c6f22ca5191ebdf79b0f56f1cc3835e3e4cd4f571709bf2b4401bad89c79d31966b070f2151969819b6ebe643ed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\8FEC8170.emf

Filesize
382KB

MD5
64522a8b7062ebf6f01ff1bdb1306921

SHA1
b3184a85d7c7f8bfe8eac8a11fe7b8b2fbd9a9c3

SHA256
bc1c7d9380e168fd5e5b3513cb7787813276f7e97fb6f70b1b8a405c1f4d94cb

SHA512
5a2f221c26ddee543d189a01f9b25e0be8175326e3396555e9ae88bfb1d23abff458fcfb27415966adc8a5954b73288bce8875eb6b44a1af3c8d872874b386bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\91F778E7.emf

Filesize
376KB

MD5
045de414bc8a7a8035aefdb1a1f83eb8

SHA1
e20e9ca75290a52cd1756b5b60afa1128ddf53ab

SHA256
c45a1298fda31cbc63a704fe2c67571c95beee4c8925a8426bb7f379576519aa

SHA512
96e6da489776a44db97035a6053909ea365d12efabdecf358c798d340ac2a64ffd8328da6a523ee4dcb62c2cf1e6e19ce1ffd8da131941b6dcc5415956452d9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\92593229.emf

Filesize
528KB

MD5
116bbbf0e807ebd965c6cd42430f8729

SHA1
fdef9a51d6689f3485617173ef87846c83194b71

SHA256
3f9770b1c31cb1320f397fa876c4b6834514907496d7d83ecd1ed8247202c5ec

SHA512
d2251b603d318629b56c1eca4edd054ba0098eabb5f6149109490eda4df6045d9ec2e83291e9ccf7462f429eb83ca1e02db81e6c2ae7a8786781e350b2a01803

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\D24C2DBC.emf

Filesize
242KB

MD5
ed0b464e5475e7b4a6b990b3b476167e

SHA1
893592967324ae2f4c2ca6b3872d5956bfd0b22a

SHA256
feb25705caaf742c0db937c97850d599ecffb5b94cf228d425743a40e4b0a034

SHA512
c68547c5e3d4fbce68eef8388013483103977998fdf2fac4e32a00edae5a60e79f62e733e9710f4961edba1ec9d3e9e326b818184392706d35bb219f6d48447c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\DAE158C8.emf

Filesize
852KB

MD5
b72f8d74959f12d3da5a99b301795b99

SHA1
ba11873c3a93db6f2249aa6aa542dfb805ba43d2

SHA256
c432e639b3aec98ad11505892239365d27a5913377f1c2d7862d004906091326

SHA512
a836cddd94abacf0f7ea66b013072de77b3601131ad216ebc8c7f59a728f5075fb54a6bbd427eee8874c0913552d64c2989970797097f1abdad871c86ab17f22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\DE84E216.emf

Filesize
863KB

MD5
a5a683f323493b6aeaa38386786c7ecd

SHA1
0a8882093a714fb78bb4f85c6589cc76d9e002f5

SHA256
ce6f228c79dfae00da97ae2cc11550675b68b3b69c797f3809afe2afa592c528

SHA512
3839d09cbf964966cdd1ad11fcb5e92cfc01177592ea412b3e803cd0aacac207eb6f0a06a70743b8b31c8b0fb5847f01b5dc34356c00e1ea889c3fe11d087f08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\E609BE95.emf

Filesize
118KB

MD5
a3bf943985b170efb31b7410ed68cb39

SHA1
c28065a2769013c28b194a36903e762540703ad1

SHA256
1e7850a2b7b86dd9c50c04daea037fab05d0d4ab69edddc3452631559b2664db

SHA512
550a881854b53df3eaa18fdd9c505089e0c95ccdee0777f2a5138e3adccfb6e1bbab7f74421991528379bec07ae5a7c04c6a370fea632c0bcc290a17d92daa28

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCDCC86.tmp\gb.xsl

Filesize
262KB

MD5
51d32ee5bc7ab811041f799652d26e04

SHA1
412193006aa3ef19e0a57e16acf86b830993024a

SHA256
6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97

SHA512
5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/1468-5-0x00007FFA3608D000-0x00007FFA3608E000-memory.dmp

Filesize
4KB

Download
memory/1468-16-0x00007FFA35FF0000-0x00007FFA361E5000-memory.dmp

Filesize
2.0MB

Download
memory/1468-10-0x00007FFA35FF0000-0x00007FFA361E5000-memory.dmp

Filesize
2.0MB

Download
memory/1468-11-0x00007FFA35FF0000-0x00007FFA361E5000-memory.dmp

Filesize
2.0MB

Download
memory/1468-9-0x00007FFA35FF0000-0x00007FFA361E5000-memory.dmp

Filesize
2.0MB

Download
memory/1468-7-0x00007FFA35FF0000-0x00007FFA361E5000-memory.dmp

Filesize
2.0MB

Download
memory/1468-8-0x00007FFA35FF0000-0x00007FFA361E5000-memory.dmp

Filesize
2.0MB

Download
memory/1468-17-0x00007FF9F3F90000-0x00007FF9F3FA0000-memory.dmp

Filesize
64KB

Download
memory/1468-12-0x00007FFA35FF0000-0x00007FFA361E5000-memory.dmp

Filesize
2.0MB

Download
memory/1468-0-0x00007FF9F6070000-0x00007FF9F6080000-memory.dmp

Filesize
64KB

Download
memory/1468-1-0x00007FF9F6070000-0x00007FF9F6080000-memory.dmp

Filesize
64KB

Download
memory/1468-6-0x00007FFA35FF0000-0x00007FFA361E5000-memory.dmp

Filesize
2.0MB

Download
memory/1468-2-0x00007FF9F6070000-0x00007FF9F6080000-memory.dmp

Filesize
64KB

Download
memory/1468-15-0x00007FFA35FF0000-0x00007FFA361E5000-memory.dmp

Filesize
2.0MB

Download
memory/1468-4-0x00007FF9F6070000-0x00007FF9F6080000-memory.dmp

Filesize
64KB

Download
memory/1468-3-0x00007FF9F6070000-0x00007FF9F6080000-memory.dmp

Filesize
64KB

Download
memory/1468-14-0x00007FFA35FF0000-0x00007FFA361E5000-memory.dmp

Filesize
2.0MB

Download
memory/1468-188-0x00007FFA35FF0000-0x00007FFA361E5000-memory.dmp

Filesize
2.0MB

Download
memory/1468-13-0x00007FF9F3F90000-0x00007FF9F3FA0000-memory.dmp

Filesize
64KB

Download
memory/1468-720-0x00007FF9F6070000-0x00007FF9F6080000-memory.dmp

Filesize
64KB

Download
memory/1468-721-0x00007FF9F6070000-0x00007FF9F6080000-memory.dmp

Filesize
64KB

Download
memory/1468-719-0x00007FF9F6070000-0x00007FF9F6080000-memory.dmp

Filesize
64KB

Download
memory/1468-722-0x00007FF9F6070000-0x00007FF9F6080000-memory.dmp

Filesize
64KB

Download
memory/1468-723-0x00007FFA35FF0000-0x00007FFA361E5000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads