Analysis
- max time kernel: 186s
- max time network: 193s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25/11/2022, 19:10
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 34d8035cd58a5ca5a25560f3e7b91c8a122931eeb4ee42a4bd877605f507fc66.xls
  - Resource: win7-20220812-en
Behavioral task
- behavioral2
  - Sample: 34d8035cd58a5ca5a25560f3e7b91c8a122931eeb4ee42a4bd877605f507fc66.xls
  - Resource: win10v2004-20221111-en
General
- Target: 34d8035cd58a5ca5a25560f3e7b91c8a122931eeb4ee42a4bd877605f507fc66.xls
- Size: 13KB
- MD5: 24585ca31cf66cf2ef5918e8ca3dec25
- SHA1: 19c6409eb1fefa62aff11468f02d8a306a0f9cfc
- SHA256: 34d8035cd58a5ca5a25560f3e7b91c8a122931eeb4ee42a4bd877605f507fc66
- SHA512: 4b7893b7c8b1b37946fa326a7ab030b5614db4b41b02679fe59a9727803bbf5f1bb14572f2074b7a4a006e16a4df47443ee24f1f20de3f64015f28b39e3aadbd
- SSDEEP: 48:rYLZgDTRUzfS3eqtExcg4fVqI+ajMBbLU3+:UqDdU2P2xcDfjMBsO
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
- Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (process: EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (process: EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (process: EXCEL.EXE)

Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily (process: EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU (process: EXCEL.EXE)
- Key opened: \REGISTRY\MACHINE\Hardware\Description\System\BIOS (process: EXCEL.EXE)

Suspicious behavior: AddClipboardFormatListener (1 IoC)
- PID 2648, EXCEL.EXE

Suspicious use of SetWindowsHookEx (12 IoCs)
- PID 2648, EXCEL.EXE (12 occurrences)
Processes
- EXCEL.EXE (PID 2648)
  Path: C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\34d8035cd58a5ca5a25560f3e7b91c8a122931eeb4ee42a4bd877605f507fc66.xls"
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx