Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

raccontare...20.doc

windows7_x64

10

raccontare...20.doc

windows10_x64

1

Analysis

  • max time kernel
    127s
  • max time network
    25s
  • platform
    windows7_x64
  • resource
    win7v200430
  • submitted
    11/07/2020, 07:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    raccontare.07.08.2020.doc

  • Size

    134KB

  • MD5

    bcc82032ede3c935fd6e7c1deb1ad072

  • SHA1

    33e69f3c2a77b369421bbd315f5ed2d2e94160a2

  • SHA256

    2b276d5638fef9e9774853b42fe3626c15a13653423c2da87638f725b687696b

  • SHA512

    aa491163724907095ca85bced842f203e70c843f0d1eeb1b10bfd8f81684169297ee92f07de2451f03f1463075ca51795446fcc5faacdc0dd67971edbbc0cb52

Score
10/10

Malware Config

Signatures

  • Office loads VBA resources, possible macro or embedded object present
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Suspicious use of WriteProcessMemory 5 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\raccontare.07.08.2020.doc"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:376
    • C:\Windows\system32\regsvr32.exe
      regsvr32 c:\programdata\64632.jpg
      2⤵
      • Process spawned unexpected child process
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads