e3b7204f05906b5fd3e6e5e6a47243e8fd785e3d573744efbb066647cd90d551

General

Target

交通设计课程设计/交叉口交通设计.doc
Size

254KB
MD5

dd8a1e23ecce502b5599c70f22acc013
SHA1

a22f8000d9f3b577a29222dd8ca44434d57248f2
SHA256

816d126e0af467999c7c537ebddc391746c2c7ae79db9d65c6627858afe16140
SHA512

154845944d13011d1beae731a61b738194dea706acc1d71033dad35ba7dd4bfda422f527e156c9f7aebd61dd021c0a7bcc1fe0e37129c429127807fe7ad51f9c
SSDEEP

3072:9CYIY4BvLj263i0yHPIsXv4GRQI2s9hugZTMnz0mL1UpZZA:9qBvLj263iFL4yQI2s9jZmzxL

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4472	WINWORD.EXE
4472	WINWORD.EXE

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
4472	WINWORD.EXE
4472	WINWORD.EXE
4472	WINWORD.EXE
4472	WINWORD.EXE
4472	WINWORD.EXE
4472	WINWORD.EXE
4472	WINWORD.EXE
4472	WINWORD.EXE
4472	WINWORD.EXE
4472	WINWORD.EXE
4472	WINWORD.EXE
4472	WINWORD.EXE
4472	WINWORD.EXE
4472	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\交通设计课程设计\交叉口交通设计.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\A2319B6B.emf

Filesize
21KB

MD5
c00654dd99cf8804416c1bec63a91a39

SHA1
b6cece2b410f6affbe8d12e0fda9856f5eb9efe8

SHA256
14e322bc34f826476435f3990dde6d0e305f0d5df3c29e6f5f2bf4e58cd4d190

SHA512
df1cc8a6cf7c43f28079e9f3b05d18a77c292ee64d130254742ee300611e13e651a04ab0929feb50deb40a6d168c29575d736e7cd5eca54e5c047c78c149ac40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\A3A41F6C.wmf

Filesize
1KB

MD5
6d240969d121e7db5a95d1e9f727707e

SHA1
aa4e56de4a4381d665fd6f2f97cb37bf422ad910

SHA256
82e187377ce45c330e7868bdcaa13c856237c033cf2f544f4ed26d553859f66a

SHA512
3bfce9bf01e164ec46a5dde5449b03a10caea486da6fed4296b0db2a3665f903189e4931062e7a58cbc3824c7021211bfb7f8f03701d86e8da7826a361047b08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\D158281C.wmf

Filesize
162B

MD5
a53ff3b2b74b0493cd2dd5351bcb2760

SHA1
982c525be61d9769829d2f0a94db5d61d95ba050

SHA256
ac5f55a119b8894f347a6e85328d4a1e7ba350e0d4ea98ce1d3b2f95faecb5f2

SHA512
0e33adb10427d0e8bef3e170009361cc569f0ea0ccba63609bb91cb7830a8ee7b4c65c92fc56def2d0ab5e69f6ca955410f1b3761ab34d18cc45bbdcb10f7f65

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/4472-8-0x00007FF9C26D0000-0x00007FF9C28C5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-23-0x00007FF9C26D0000-0x00007FF9C28C5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-6-0x00007FF9C26D0000-0x00007FF9C28C5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-7-0x00007FF9C26D0000-0x00007FF9C28C5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-2-0x00007FF982750000-0x00007FF982760000-memory.dmp

Filesize
64KB

Download
memory/4472-9-0x00007FF9C26D0000-0x00007FF9C28C5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-11-0x00007FF9C26D0000-0x00007FF9C28C5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-10-0x00007FF980260000-0x00007FF980270000-memory.dmp

Filesize
64KB

Download
memory/4472-12-0x00007FF9C26D0000-0x00007FF9C28C5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-13-0x00007FF9C26D0000-0x00007FF9C28C5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-14-0x00007FF980260000-0x00007FF980270000-memory.dmp

Filesize
64KB

Download
memory/4472-15-0x00007FF9C26D0000-0x00007FF9C28C5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-16-0x00007FF9C26D0000-0x00007FF9C28C5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-17-0x00007FF9C26D0000-0x00007FF9C28C5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-21-0x00007FF9C26D0000-0x00007FF9C28C5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-4-0x00007FF9C276D000-0x00007FF9C276E000-memory.dmp

Filesize
4KB

Download
memory/4472-22-0x00007FF9C26D0000-0x00007FF9C28C5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-20-0x00007FF9C26D0000-0x00007FF9C28C5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-19-0x00007FF9C26D0000-0x00007FF9C28C5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-18-0x00007FF9C26D0000-0x00007FF9C28C5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-5-0x00007FF982750000-0x00007FF982760000-memory.dmp

Filesize
64KB

Download
memory/4472-3-0x00007FF982750000-0x00007FF982760000-memory.dmp

Filesize
64KB

Download
memory/4472-0-0x00007FF982750000-0x00007FF982760000-memory.dmp

Filesize
64KB

Download
memory/4472-1-0x00007FF982750000-0x00007FF982760000-memory.dmp

Filesize
64KB

Download
memory/4472-171-0x00007FF9C26D0000-0x00007FF9C28C5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-269-0x00007FF982750000-0x00007FF982760000-memory.dmp

Filesize
64KB

Download
memory/4472-270-0x00007FF982750000-0x00007FF982760000-memory.dmp

Filesize
64KB

Download
memory/4472-268-0x00007FF982750000-0x00007FF982760000-memory.dmp

Filesize
64KB

Download
memory/4472-267-0x00007FF982750000-0x00007FF982760000-memory.dmp

Filesize
64KB

Download
memory/4472-271-0x00007FF9C26D0000-0x00007FF9C28C5000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads