Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
99s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system -
submitted
01/11/2022, 18:49
Static task
static1
Behavioral task
behavioral1
Sample
KHIDMM221613.xlsx
Resource
win7-20220812-en
18 signatures
150 seconds
Behavioral task
behavioral2
Sample
KHIDMM221613.xlsx
Resource
win10v2004-20220901-en
4 signatures
150 seconds
General
-
Target
KHIDMM221613.xlsx
-
Size
124KB
-
MD5
1c33ebd9123fbb1d445a1241d0899fca
-
SHA1
a4b1a16cadffd00f3a9d349ff9a3a4e598a6f25a
-
SHA256
04a944a2b7b278081d3bbe43843fb395f30d8bd190154cbdf9b04fcebf8b7ae3
-
SHA512
dede0f56ccfad169862581a2395f639ddc16447735bf11aadd125bf2878547a5d5c862ecddc9cfcd4944f0065edb8c8b45876b8fc4911d4cebcbbbde4702653b
-
SSDEEP
3072:1n0u1fkHlAw95+2qXg99hpWH3Cv28psaTbQHVSSz0:90uJkFAFXWbu3CvZc1e
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 EXCEL.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily EXCEL.EXE -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 1772 EXCEL.EXE -
Suspicious use of SetWindowsHookEx 12 IoCs
pid Process 1772 EXCEL.EXE 1772 EXCEL.EXE 1772 EXCEL.EXE 1772 EXCEL.EXE 1772 EXCEL.EXE 1772 EXCEL.EXE 1772 EXCEL.EXE 1772 EXCEL.EXE 1772 EXCEL.EXE 1772 EXCEL.EXE 1772 EXCEL.EXE 1772 EXCEL.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\KHIDMM221613.xlsx"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1772