Analysis

  • max time kernel
    114s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    11/07/2020, 07:37 UTC

General

  • Target

    bac63e40c39f30d650336240dedf0c2d0b555969c83c1fe038466600dc667ebd.doc

  • Size

    245KB

  • MD5

    25507b6c0ce21c0d12c727acb8dc0ef2

  • SHA1

    6f7d5a70d77c2e79a5b526c42bf299f43c21898d

  • SHA256

    bac63e40c39f30d650336240dedf0c2d0b555969c83c1fe038466600dc667ebd

  • SHA512

    76a6e6820d852cb32b2cf3cf064ff370a4b917734d06b21b3a493d9afc8799a8f531b35bd7069b6cfde342b564d886be2656df10ecdc9433629e373d00ccce04

Score
1/10

Malware Config

Signatures

  • Office loads VBA resources, possible macro or embedded object present
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\bac63e40c39f30d650336240dedf0c2d0b555969c83c1fe038466600dc667ebd.doc"
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1460

Network

    No results found
  • 192.3.140.203:80
    WINWORD.EXE
    152 B
    120 B
    3
    3
  • 192.3.140.203:80
    WINWORD.EXE
    152 B
    120 B
    3
    3
  • 10.7.0.255:138
    netbios-dgm
    1.3kB
    6
  • 224.0.0.252:5355
    100 B
    2
  • 10.7.0.255:137
    netbios-ns
    234 B
    3
  • 239.255.255.250:1900
    966 B
    6
  • 239.255.255.250:1900

MITRE ATT&CK Matrix
