Analysis
max time kernel: 135s
max time network: 132s
platform: windows10_x64
resource: win10
submitted: 14/07/2020, 06:43
Static task: static1
Behavioral task: behavioral1
Sample: d584a370f4e27310aa842f83b35ea337e560c2308537c5113acb48a9187ee762.xls
Resource: win7v200430
Behavioral task: behavioral2
Sample: d584a370f4e27310aa842f83b35ea337e560c2308537c5113acb48a9187ee762.xls
Resource: win10
General
Target: d584a370f4e27310aa842f83b35ea337e560c2308537c5113acb48a9187ee762.xls
Size: 198KB
MD5: ce282d43e94e61a1a425cd1b0bb61aaf
SHA1: 1c138aad9dd01f7069e682da3162878ff1ffb24d
SHA256: d584a370f4e27310aa842f83b35ea337e560c2308537c5113acb48a9187ee762
SHA512: b39f1eb9595543b709281ced22e1bb46451241682ab6264ea5be2cefd310c08d8971ffb1073ab37530f3503b47752175c51dc30a309dc9a398a2e8aafb34a8c4
Malware Config
Signatures

Suspicious use of SetWindowsHookEx (13 IoCs)
pid | Process
976 | EXCEL.EXE (same entry for each of the 13 IoCs)

Suspicious behavior: AddClipboardFormatListener (1 IoC)
pid | Process
976 | EXCEL.EXE

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE

Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE

Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\d584a370f4e27310aa842f83b35ea337e560c2308537c5113acb48a9187ee762.xls"
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: AddClipboardFormatListener
- Enumerates system info in registry
- Checks processor information in registry
PID:976