Analysis
max time kernel: 185s
max time network: 190s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/11/2022, 00:00
Static task: static1

Behavioral task: behavioral1
Sample: 36a76b2ee3d215de1b75d2ca207063f6a7de98388c0dbb5de1a7f6304fbef875.doc
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 36a76b2ee3d215de1b75d2ca207063f6a7de98388c0dbb5de1a7f6304fbef875.doc
Resource: win10v2004-20220812-en
General
Target: 36a76b2ee3d215de1b75d2ca207063f6a7de98388c0dbb5de1a7f6304fbef875.doc
Size: 266KB
MD5: 022568d93a650f1b195a92be42321cb5
SHA1: ad3de6a0d7654a9c6462b03a9e47ea15613159c4
SHA256: 36a76b2ee3d215de1b75d2ca207063f6a7de98388c0dbb5de1a7f6304fbef875
SHA512: 8c5671d9203d13b48c1ccf729ac8d81d36d3a4dee858517f90973875c98e5886ed14ba79f67602d0c32dd40c56b90a8a243e190ecbfe78c30f616e43c35de6f5
SSDEEP: 3072:+P3T6GFoW9gF00JAXyBkxIlBcnJFy0G51+0xg8ahRV5dPZCu/u9Vs6Zv:0trniBkuTcTnESFzgu/cs6
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener (2 IoCs)
pid | Process
2052 | WINWORD.EXE

Suspicious use of SetWindowsHookEx (14 IoCs)
pid | Process
2052 | WINWORD.EXE
Processes
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\36a76b2ee3d215de1b75d2ca207063f6a7de98388c0dbb5de1a7f6304fbef875.doc" /o ""
PID: 2052
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx