Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
4Static
static
3Inkecn.exe
windows7-x64
3Inkecn.exe
windows10-2004-x64
3Update.exe
windows7-x64
3Update.exe
windows10-2004-x64
3icon/新云软件.url
windows7-x64
1icon/新云软件.url
windows10-2004-x64
1pic/make/�....0.doc
windows7-x64
4pic/make/�....0.doc
windows10-2004-x64
1大众印�....0.doc
windows7-x64
4大众印�....0.doc
windows10-2004-x64
1Analysis
-
max time kernel
139s -
max time network
134s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
23/08/2024, 22:34
Static task
static1
Behavioral task
behavioral1
Sample
Inkecn.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
Inkecn.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
Update.exe
Resource
win7-20240729-en
Behavioral task
behavioral4
Sample
Update.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
icon/新云软件.url
Resource
win7-20240705-en
Behavioral task
behavioral6
Sample
icon/新云软件.url
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
pic/make/大众印客精灵-使用说明V1.0.0.doc
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
pic/make/大众印客精灵-使用说明V1.0.0.doc
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
大众印客精灵-使用说明V1.0.0.doc
Resource
win7-20240729-en
Behavioral task
behavioral10
Sample
大众印客精灵-使用说明V1.0.0.doc
Resource
win10v2004-20240802-en
General
-
Target
pic/make/大众印客精灵-使用说明V1.0.0.doc
-
Size
929KB
-
MD5
e1a5bd1826d74324215c3e3a57afc189
-
SHA1
9bcf559ef8d2c33272a778fb7659fac8e644de17
-
SHA256
9fe3d0af4ea3aa389e302b92b4f8a58bef3e47db9c9fabad979f059c439be4cc
-
SHA512
a3dae27898535dc190cf61c3d22caf0b1974c8cc492ee5b449e48acefe7c91e040e12e6682607d309367335080b3834895d1f6456dabea178503018a0637adb3
-
SSDEEP
12288:BYbgpEuuJixqlsQsUCO82R1vRpgP2BZMvUUAsKPpGIaN4MgLi3LrBi38FEkbmWCE:BLpBu4Mi41v3gcy6sKh/rL8xi3CRbd7
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString WINWORD.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU WINWORD.EXE -
Suspicious behavior: AddClipboardFormatListener 2 IoCs
pid Process 2996 WINWORD.EXE 2996 WINWORD.EXE -
Suspicious use of SetWindowsHookEx 16 IoCs
pid Process 2996 WINWORD.EXE 2996 WINWORD.EXE 2996 WINWORD.EXE 2996 WINWORD.EXE 2996 WINWORD.EXE 2996 WINWORD.EXE 2996 WINWORD.EXE 2996 WINWORD.EXE 2996 WINWORD.EXE 2996 WINWORD.EXE 2996 WINWORD.EXE 2996 WINWORD.EXE 2996 WINWORD.EXE 2996 WINWORD.EXE 2996 WINWORD.EXE 2996 WINWORD.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\pic\make\大众印客精灵-使用说明V1.0.0.doc" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2996
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4768,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=1284 /prefetch:81⤵PID:2456
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
263KB
MD5ff0e07eff1333cdf9fc2523d323dd654
SHA177a1ae0dd8dbc3fee65dd6266f31e2a564d088a4
SHA2563f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5
SHA512b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
Filesize1KB
MD59b11fa63563dff648aba3efd24245b15
SHA1164ff424479cc9c0ce45c531eb44e58de9892db2
SHA256578ea444d5b6c53f09543062684a8592129fce61ba91cf6d47b15f781f4ad98a
SHA512dcd8a7d6089fcece49d7d7e5af0e602d706a40bf95ea9ed11bdb349485c7cca0eec70e0358bbc52cb75fe98f9f5674eb05bc44674c64e95434f044bb4f3a5012