Analysis

  • max time kernel
    142s
  • max time network
    38s
  • platform
    windows7_x64
  • resource
    win7v200430
  • submitted
    09/07/2020, 15:07

General

  • Target

    aa2e16eb340092bab078db3f0d8848606f332a7e052888346b3c47ac37a9de77.doc

  • Size

    132KB

  • MD5

    af25d98ae8d414145376cd8f1a30cc91

  • SHA1

    3564e94e0d449ed7dd5c0013dc11b7efdbd9b13b

  • SHA256

    aa2e16eb340092bab078db3f0d8848606f332a7e052888346b3c47ac37a9de77

  • SHA512

    4e35717e9d242f81244eb4d7809945d6bc36e2655a5a2f8873a062a7be0c2c34e518ad330cf7297306f691a5c4a9215c9162c8e2eed486bb1467a698a5bb0a91

Score
10/10

Malware Config

Signatures

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Suspicious use of WriteProcessMemory 5 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present

Processes

  • C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\aa2e16eb340092bab078db3f0d8848606f332a7e052888346b3c47ac37a9de77.doc"
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:676
    • C:\Windows\system32\regsvr32.exe
      regsvr32 c:\programdata\19165.jpg
      • Process spawned unexpected child process
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1716

Network

MITRE ATT&CK Matrix

Downloads

  • memory/676-0-0x0000000005A10000-0x0000000005B10000-memory.dmp

    Filesize

    1024KB