Analysis
- max time kernel: 138s
- max time network: 134s
- platform: windows10_x64
- resource: win10v200430
- submitted: 09/07/2020, 15:37
Tasks
- Static task static1
- Behavioral task behavioral1
  Sample: SecuriteInfo.com.Trojan.GenericKD.34139809.20191.20380.xls
  Resource: win7
- Behavioral task behavioral2
  Sample: SecuriteInfo.com.Trojan.GenericKD.34139809.20191.20380.xls
  Resource: win10v200430
General
- Target: SecuriteInfo.com.Trojan.GenericKD.34139809.20191.20380.xls
- Size: 911KB
- MD5: 5d3da35b75a8ebd4ea01e5dfea3cc964
- SHA1: a96ad70d56e1fb611b6ecc29029b813b9d3948ff
- SHA256: 0e7dcaa2a0b1d03753b49f7fd799a82c9c0ee20b6d1b02496151f53e234ddd91
- SHA512: 6d887b61524f8ceec84268623b9187b98c1ce6ec96ab3650bab587253b3e71e77480e3e39e75e7beb106c847c8ae98e0257613e220d62dfbde0ff9ee62e55c3c
Malware Config
Signatures
- Suspicious use of SetWindowsHookEx (12 IoCs)
  pid   Process
  664   EXCEL.EXE   (12 identical entries)
- Suspicious behavior: AddClipboardFormatListener (1 IoC)
  pid   Process
  664   EXCEL.EXE
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\Hardware\Description\System\BIOS                    EXCEL.EXE
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily       EXCEL.EXE
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU          EXCEL.EXE
- Enumerates connected drives (3 TTPs)
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description        ioc                                                                                   Process
  Key opened         \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0                      EXCEL.EXE
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz                 EXCEL.EXE
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  EXCEL.EXE
Processes
- C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.34139809.20191.20380.xls"
  PID: 664
  - Suspicious use of SetWindowsHookEx
  - Suspicious behavior: AddClipboardFormatListener
  - Enumerates system info in registry
  - Checks processor information in registry