Analysis
- max time kernel: 135s
- max time network: 126s
- platform: windows10_x64
- resource: win10
- submitted: 11/07/2020, 07:24
Static task: static1
Behavioral task: behavioral1
- Sample: raccontare.07.08.2020.doc
- Resource: win7v200430
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: raccontare.07.08.2020.doc
- Resource: win10
- 0 signatures
- 0 seconds
General
- Target: raccontare.07.08.2020.doc
- Size: 134KB
- MD5: bcc82032ede3c935fd6e7c1deb1ad072
- SHA1: 33e69f3c2a77b369421bbd315f5ed2d2e94160a2
- SHA256: 2b276d5638fef9e9774853b42fe3626c15a13653423c2da87638f725b687696b
- SHA512: aa491163724907095ca85bced842f203e70c843f0d1eeb1b10bfd8f81684169297ee92f07de2451f03f1463075ca51795446fcc5faacdc0dd67971edbbc0cb52
Score
1/10
Malware Config
Signatures
Suspicious use of SetWindowsHookEx (19 IoCs)
- pid 2916, Process WINWORD.EXE (listed 19 times)
Suspicious behavior: AddClipboardFormatListener (2 IoCs)
- pid 2916, Process WINWORD.EXE (listed 2 times)
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (Process: WINWORD.EXE)
- Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (Process: WINWORD.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (Process: WINWORD.EXE)
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\Hardware\Description\System\BIOS (Process: WINWORD.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily (Process: WINWORD.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU (Process: WINWORD.EXE)
Processes
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\raccontare.07.08.2020.doc" /o ""
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: AddClipboardFormatListener
- Checks processor information in registry
- Enumerates system info in registry
PID:2916