Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
114s -
max time network
119s -
platform
windows7_x64 -
resource
win7 -
submitted
11/07/2020, 07:37
Static task
static1
Behavioral task
behavioral1
Sample
bac63e40c39f30d650336240dedf0c2d0b555969c83c1fe038466600dc667ebd.doc
Resource
win7
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
bac63e40c39f30d650336240dedf0c2d0b555969c83c1fe038466600dc667ebd.doc
Resource
win10v200430
0 signatures
0 seconds
General
-
Target
bac63e40c39f30d650336240dedf0c2d0b555969c83c1fe038466600dc667ebd.doc
-
Size
245KB
-
MD5
25507b6c0ce21c0d12c727acb8dc0ef2
-
SHA1
6f7d5a70d77c2e79a5b526c42bf299f43c21898d
-
SHA256
bac63e40c39f30d650336240dedf0c2d0b555969c83c1fe038466600dc667ebd
-
SHA512
76a6e6820d852cb32b2cf3cf064ff370a4b917734d06b21b3a493d9afc8799a8f531b35bd7069b6cfde342b564d886be2656df10ecdc9433629e373d00ccce04
Score
1/10
Malware Config
Signatures
-
Office loads VBA resources, possible macro or embedded object present
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 1460 WINWORD.EXE -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 1460 WINWORD.EXE 1460 WINWORD.EXE 1460 WINWORD.EXE -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1460 WINWORD.EXE
Processes
-
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\bac63e40c39f30d650336240dedf0c2d0b555969c83c1fe038466600dc667ebd.doc"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: GetForegroundWindowSpam
PID:1460