f295fb0d0156fa68847fb0acfd0888cb4e01147c9f5bfdea8e6606adeef00dcb

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 18:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PHP搜索引擎20110614bate版/PHP搜索引擎正式版_系统解决方案应用说明.rtf
Size

3KB
MD5

5f88c994a1217e889429e4be5669bfc6
SHA1

e1406cda52f03f3490bd42a696da7c52106078fb
SHA256

e8c198aa1aecc13e41e5e8a40582b5ee0abc5a3a24775cea1dd5369baa454383
SHA512

e7387794997070759a308077b6df3e3c9c744c6b57777e7fddb856785b3987e66a61f8cade5ab8c0e941aadf62be82016e3cc14d65b699d686f03cbe6c46b0fc

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3464	WINWORD.EXE
3464	WINWORD.EXE

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3464	WINWORD.EXE
3464	WINWORD.EXE
3464	WINWORD.EXE
3464	WINWORD.EXE
3464	WINWORD.EXE
3464	WINWORD.EXE
3464	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\PHP搜索引擎20110614bate版\PHP搜索引擎正式版_系统解决方案应用说明.rtf" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TCD62C0.tmp\sist02.xsl

Filesize
245KB

MD5
f883b260a8d67082ea895c14bf56dd56

SHA1
7954565c1f243d46ad3b1e2f1baf3281451fc14b

SHA256
ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

SHA512
d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
2KB

MD5
0fa099517825e43e0520398ce25b4fe0

SHA1
bf64dfa7154a906f60689227f1f884eedb7813ed

SHA256
d9bee1db2f48db7d4c47c7bda6ca041e16672c34bf786a39ba0180a38d24a66e

SHA512
d2d8ab5fba00ed5535359bef9972b943950ec36db07c2e2f4ce80558eef31c3736c49626542c493146f7e0e2998783f17a39f2934198798540e1eaaf321e3860

Download Submit
memory/3464-20-0x00007FFA6BBC0000-0x00007FFA6BBD0000-memory.dmp

Filesize
64KB

Download
memory/3464-42-0x00007FFAAE4AD000-0x00007FFAAE4AE000-memory.dmp

Filesize
4KB

Download
memory/3464-9-0x00007FFAAE410000-0x00007FFAAE605000-memory.dmp

Filesize
2.0MB

Download
memory/3464-8-0x00007FFAAE410000-0x00007FFAAE605000-memory.dmp

Filesize
2.0MB

Download
memory/3464-12-0x00007FFAAE410000-0x00007FFAAE605000-memory.dmp

Filesize
2.0MB

Download
memory/3464-14-0x00007FFAAE410000-0x00007FFAAE605000-memory.dmp

Filesize
2.0MB

Download
memory/3464-15-0x00007FFA6BBC0000-0x00007FFA6BBD0000-memory.dmp

Filesize
64KB

Download
memory/3464-13-0x00007FFAAE410000-0x00007FFAAE605000-memory.dmp

Filesize
2.0MB

Download
memory/3464-11-0x00007FFAAE410000-0x00007FFAAE605000-memory.dmp

Filesize
2.0MB

Download
memory/3464-10-0x00007FFAAE410000-0x00007FFAAE605000-memory.dmp

Filesize
2.0MB

Download
memory/3464-7-0x00007FFAAE410000-0x00007FFAAE605000-memory.dmp

Filesize
2.0MB

Download
memory/3464-6-0x00007FFA6E490000-0x00007FFA6E4A0000-memory.dmp

Filesize
64KB

Download
memory/3464-4-0x00007FFAAE410000-0x00007FFAAE605000-memory.dmp

Filesize
2.0MB

Download
memory/3464-1-0x00007FFAAE4AD000-0x00007FFAAE4AE000-memory.dmp

Filesize
4KB

Download
memory/3464-5-0x00007FFA6E490000-0x00007FFA6E4A0000-memory.dmp

Filesize
64KB

Download
memory/3464-19-0x00007FFAAE410000-0x00007FFAAE605000-memory.dmp

Filesize
2.0MB

Download
memory/3464-44-0x00007FFAAE410000-0x00007FFAAE605000-memory.dmp

Filesize
2.0MB

Download
memory/3464-16-0x00007FFAAE410000-0x00007FFAAE605000-memory.dmp

Filesize
2.0MB

Download
memory/3464-3-0x00007FFA6E490000-0x00007FFA6E4A0000-memory.dmp

Filesize
64KB

Download
memory/3464-41-0x00007FFAAE410000-0x00007FFAAE605000-memory.dmp

Filesize
2.0MB

Download
memory/3464-18-0x00007FFAAE410000-0x00007FFAAE605000-memory.dmp

Filesize
2.0MB

Download
memory/3464-43-0x00007FFAAE410000-0x00007FFAAE605000-memory.dmp

Filesize
2.0MB

Download
memory/3464-17-0x00007FFAAE410000-0x00007FFAAE605000-memory.dmp

Filesize
2.0MB

Download
memory/3464-2-0x00007FFA6E490000-0x00007FFA6E4A0000-memory.dmp

Filesize
64KB

Download
memory/3464-0-0x00007FFA6E490000-0x00007FFA6E4A0000-memory.dmp

Filesize
64KB

Download
memory/3464-548-0x00007FFA6E490000-0x00007FFA6E4A0000-memory.dmp

Filesize
64KB

Download
memory/3464-550-0x00007FFA6E490000-0x00007FFA6E4A0000-memory.dmp

Filesize
64KB

Download
memory/3464-551-0x00007FFA6E490000-0x00007FFA6E4A0000-memory.dmp

Filesize
64KB

Download
memory/3464-549-0x00007FFA6E490000-0x00007FFA6E4A0000-memory.dmp

Filesize
64KB

Download
memory/3464-552-0x00007FFAAE410000-0x00007FFAAE605000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads