Analysis
-
max time kernel
120s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
21/09/2024, 18:39
General
-
Target
PHP搜索引擎20110614bate版/PHP搜索引擎正式版_系统解决方案应用说明.rtf
-
Size
3KB
-
MD5
5f88c994a1217e889429e4be5669bfc6
-
SHA1
e1406cda52f03f3490bd42a696da7c52106078fb
-
SHA256
e8c198aa1aecc13e41e5e8a40582b5ee0abc5a3a24775cea1dd5369baa454383
-
SHA512
e7387794997070759a308077b6df3e3c9c744c6b57777e7fddb856785b3987e66a61f8cade5ab8c0e941aadf62be82016e3cc14d65b699d686f03cbe6c46b0fc
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Office loads VBA resources, possible macro or embedded object present
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\PHP搜索引擎20110614bate版\PHP搜索引擎正式版_系统解决方案应用说明.rtf"1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122882⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
19KB
MD59ac745ba51271b195672d461849da970
SHA145e29e734f5f1ff53f9e3d8d289d8f4d3e367e00
SHA2561055381d7ef6faa64da7efae117f77a4b5f1ea7ee9813dfba4ef27842b00ba68
SHA512403ad8e62a3a8662a43dd8bf77791e21af72ca829b9d03516fd96ed8e673a5dbb0633603b1f4b6a932f7ae9b30d6a1a279a9fc574b6e3a5982fb6bbe26aad2b2
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
44KB
-
Filesize
44KB
-
Filesize
64KB