Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
136s -
max time network
143s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
09/07/2020, 10:44
General
-
Target
91154f00f6a9b655f48a2e5988b92a66d07aaffc252150298a19e566cba9e694.doc
-
Size
147KB
-
MD5
888dced0beca26f8f50fe090dacae376
-
SHA1
3f483175ebf4e45923ad12d4f3769e96dc1166c6
-
SHA256
91154f00f6a9b655f48a2e5988b92a66d07aaffc252150298a19e566cba9e694
-
SHA512
7a00d75b63d9d907c73eb9076b1092c86b912229a01a81c800ec672c3ed63f749d323cead32609c24296fae69ebb0110de242635198bb1c8765c51fc05491c11
Score
10/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 2 IoCs
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious use of SetWindowsHookEx 19 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\91154f00f6a9b655f48a2e5988b92a66d07aaffc252150298a19e566cba9e694.doc" /o ""1⤵
- Suspicious use of WriteProcessMemory
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: AddClipboardFormatListener
-
C:\Windows\System32\regsvr32.exe"C:\Windows\System32\regsvr32.exe" EA.tmp2⤵
- Process spawned unexpected child process
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
20KB
-
Filesize
20KB
-
Filesize
20KB