Analysis
- max time kernel: 106s
- max time network: 137s
- platform: windows10_x64
- resource: win10v20210410
- submitted: 01/07/2021, 14:08
Static task: static1
Behavioral task: behavioral1
- Sample: DECL G50 EURL.xlsx
- Resource: win7v20210408
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: DECL G50 EURL.xlsx
- Resource: win10v20210410
- 0 signatures
- 0 seconds
General
- Target: DECL G50 EURL.xlsx
- Size: 1.2MB
- MD5: b97310e2ecc75a1ac5b7cf34503d1509
- SHA1: b34bd40fd5717e01cf5ba7cbe2bf8d5d8331783a
- SHA256: 673d9ec17f2437917846f5ce799f30399d0739c9dd3e28d3d44b80b5f91de54f
- SHA512: e287c79a0cd275e232b3180fdf6b6c51b0c62285f5346d4ddd57e6c4e556cd1d033cef66d2939c3e7a7abd2867621fea5ba2cd52eae99db9a13acf3fa5fb22e9
Score: 1/10
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
- Suspicious behavior: AddClipboardFormatListener (1 IoC)
  pid | Process
  3176 | EXCEL.EXE
- Suspicious use of SetWindowsHookEx (12 IoCs)
  pid | Process
  3176 | EXCEL.EXE (12 occurrences, all from the same process)
Processes
- C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\DECL G50 EURL.xlsx"
  PID: 3176
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx