Analysis
- max time kernel: 137s
- max time network: 132s
- platform: windows10_x64
- resource: win10v200430
- submitted: 07/07/2020, 18:01
Static task: static1
Behavioral task: behavioral1
- Sample: 4989a6b8805fbd75b9d414c956751e4bea044ca394e36fda46b7dd472d55f28f.xls
- Resource: win7
Behavioral task: behavioral2
- Sample: 4989a6b8805fbd75b9d414c956751e4bea044ca394e36fda46b7dd472d55f28f.xls
- Resource: win10v200430
General
- Target: 4989a6b8805fbd75b9d414c956751e4bea044ca394e36fda46b7dd472d55f28f.xls
- Size: 189KB
- MD5: 4fda007a1779631ae14da954cb0b95d4
- SHA1: f335a6c4998871b9f7ca20e5e7f41878db0f2b3f
- SHA256: 4989a6b8805fbd75b9d414c956751e4bea044ca394e36fda46b7dd472d55f28f
- SHA512: 7d907f5ddc72823e5dea5fbd393ec6002fc1b2bc858cc5017c0984de4c6a504407ce942ed854deff02cec41871cfefb4475337c65b8a4993a9c52364a5d77f46
Malware Config
Signatures
- Suspicious use of SetWindowsHookEx (13 IoCs)
  pid   Process
  640   EXCEL.EXE   (same pid and process for all 13 IoCs)
- Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  pid   Process
  640   EXCEL.EXE
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description        ioc                                                                                      Process
  Key opened         \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0                         EXCEL.EXE
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz                    EXCEL.EXE
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString     EXCEL.EXE
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                 Process
  Key opened         \REGISTRY\MACHINE\Hardware\Description\System\BIOS                  EXCEL.EXE
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily     EXCEL.EXE
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU        EXCEL.EXE
Processes
- C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE (PID: 640)
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\4989a6b8805fbd75b9d414c956751e4bea044ca394e36fda46b7dd472d55f28f.xls"
  - Suspicious use of SetWindowsHookEx
  - Suspicious behavior: AddClipboardFormatListener
  - Checks processor information in registry
  - Enumerates system info in registry