Analysis
- max time kernel: 99s
- max time network: 147s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/09/2022, 09:43
Behavioral tasks
- behavioral1
  Sample: Copy_of_Braun_Ticket_0011836.xlsm_09-Sep-22_11-24-23.xlsm
  Resource: win7-20220812-en
- behavioral2
  Sample: Copy_of_Braun_Ticket_0011836.xlsm_09-Sep-22_11-24-23.xlsm
  Resource: win10v2004-20220812-en
General
- Target: Copy_of_Braun_Ticket_0011836.xlsm_09-Sep-22_11-24-23.xlsm
- Size: 38KB
- MD5: b57d4f42ffd3ef5ae25c024fa2253314
- SHA1: ed25e8bcb5c2472ccb5d93ee5ab8a384f36c4736
- SHA256: 7eeba91c1702a50d37c2c28b94e7733a69cc5d2a0bfdc7d2a3ee84ac40c7b245
- SHA512: 731ee951db66211b0f64aceec34b50a9a76515bbb419832bb1294a0079ccbfbd579313f2159f88df123d3e4b74d36f9b6132e5738e68f597b99c959b4338a534
- SSDEEP: 768:X8mxmGp5qLJuhIjprcW8HRg09APbcSSlAut3Tn:5xZSLJu8rcnV98SlAmn
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description       | ioc                                                                                  | Process
  Key opened        | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0                     | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz                | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                        | Process
  Key opened        | \REGISTRY\MACHINE\Hardware\Description\System\BIOS         | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU    | EXCEL.EXE
- Suspicious behavior: AddClipboardFormatListener (1 IoC)
  pid  | Process
  2040 | EXCEL.EXE
- Suspicious use of FindShellTrayWindow (2 IoCs)
  pid  | Process
  2040 | EXCEL.EXE (2 identical entries)
- Suspicious use of SetWindowsHookEx (12 IoCs)
  pid  | Process
  2040 | EXCEL.EXE (12 identical entries)
Processes
- "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Copy_of_Braun_Ticket_0011836.xlsm_09-Sep-22_11-24-23.xlsm"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
  PID: 2040