Analysis
- max time kernel: 143s
- max time network: 162s
- platform: windows10-2004_x64 (this page reports the Windows 10 behavioral task, behavioral2 below)
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04/12/2022 (4 December 2022), 03:00
Static task: static1
Behavioral task: behavioral1
- Sample: f31a76579fceba3ccc39a68db271300f2a1189bc8df0f08c040215f952d8ac02.doc
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: f31a76579fceba3ccc39a68db271300f2a1189bc8df0f08c040215f952d8ac02.doc
- Resource: win10v2004-20220812-en
General
- Target: f31a76579fceba3ccc39a68db271300f2a1189bc8df0f08c040215f952d8ac02.doc
- Size: 40KB
- MD5: c4506a5ea1999484519b044b013c7c02
- SHA1: 5687c4358d5aa3e51372228dceefe3a7371446c5
- SHA256: f31a76579fceba3ccc39a68db271300f2a1189bc8df0f08c040215f952d8ac02
- SHA512: 2278c1d8a3f73f647f7f7a3f4f3263d2ada34fd86cb88ae84c4cbd06aede3d8a3f62c9d6cda9b5932ef31e1074941faa98cc895ae3138ce4fe79308311208e54
- SSDEEP: 768:73ez9v3pA2c+M3SSkqq2jFMujyV67JJtZ+jQFhYc:73ez9v5A29M3SSJB3XtZpYc
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description       | ioc                                                                                  | Process
  Key opened        | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0                     | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz                | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                                  | Process
  Key opened        | \REGISTRY\MACHINE\Hardware\Description\System\BIOS                                   | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily                      | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU                         | WINWORD.EXE
- Suspicious behavior: AddClipboardFormatListener (2 IoCs)
  pid | Process
  800 | WINWORD.EXE (2 calls)
- Suspicious use of SetWindowsHookEx (15 IoCs)
  pid | Process
  800 | WINWORD.EXE (15 calls, all from the same process)

Every IoC above is attributed to WINWORD.EXE (PID 800) itself, and the process list below shows no child process. Word reads these hardware keys and installs clipboard and window hooks during normal start-up, so on their own these hits are generic Office host behaviour rather than evidence that active content in the document executed in this run.
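The two registry signatures name the exact values a sample reads to decide whether it is running inside a VM, so the same key list doubles as a hunting rule. The script below is an added example, not part of the Triage report or of the sample: it parses a Process Monitor CSV export (the rows are constructed for the example; the powershell.exe child in them is hypothetical and does not appear in the report), folds Triage's \REGISTRY\MACHINE\ spelling and Procmon's HKLM\ spelling into one case-insensitive form, and scores each process by whether it read both the CentralProcessor and BIOS values, which hypervisor strings came back, and whether the reader was the document host itself. The two extra BIOS values and the document-host allowlist are the editor's assumptions.

```python
r"""Score Process Monitor registry reads against the VM/sandbox fingerprinting values the
report shows WINWORD.EXE touching (CentralProcessor\0 and BIOS under
HKLM\HARDWARE\DESCRIPTION\System). Added example; the CSV rows are constructed."""
import csv
import io
import re
from collections import defaultdict

NT_MACHINE = "\\registry\\machine\\"  # Triage prints HKLM as the NT object path


def normalize_path(path):
    r"""Registry paths are case-insensitive and appear in two spellings: Process Monitor
    prints HKLM\..., Triage prints \REGISTRY\MACHINE\... and mixes Hardware\Description
    with HARDWARE\DESCRIPTION in the same report. Fold all of them to one lowercase form."""
    p = path.lower()
    if p.startswith(NT_MACHINE):
        p = "hklm\\" + p[len(NT_MACHINE):]
    return p


# The four values the report shows WINWORD.EXE reading, plus two BIOS siblings that
# fingerprinting code usually reads with them (editor's assumption, not from the report).
_FINGERPRINT_VALUES = {
    r"HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString": "cpu",
    r"HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz": "cpu",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily": "bios",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU": "bios",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer": "bios",
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName": "bios",
}
FINGERPRINT_VALUES = {normalize_path(k): v for k, v in _FINGERPRINT_VALUES.items()}

# Substrings in returned data that give away common hypervisors and sandboxes.
VM_MARKERS = ("qemu", "virtualbox", "vbox", "vmware", "virtual machine", "kvm", "xen", "hyper-v")

# The report attributes every hit to WINWORD.EXE itself with no child process, so reads by
# an Office host are scored lower than the same reads by a spawned process (assumption).
DOCUMENT_HOSTS = {"winword.exe", "excel.exe", "powerpnt.exe"}

DATA_RE = re.compile(r"Data:\s*(.*)$")

# Constructed Process Monitor CSV export (not report data). The WINWORD.EXE rows mirror the
# four IoCs in the report; the powershell.exe child is hypothetical and absent from the report.
SAMPLE_CSV = r"""
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"3:00:12.0","WINWORD.EXE","800","RegOpenKey","HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0","SUCCESS","Desired Access: Read"
"3:00:12.0","WINWORD.EXE","800","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString","SUCCESS","Type: REG_SZ, Length: 62, Data: QEMU Virtual CPU version 2.5+"
"3:00:12.0","WINWORD.EXE","800","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz","SUCCESS","Type: REG_DWORD, Length: 4, Data: 2800"
"3:00:12.1","WINWORD.EXE","800","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily","SUCCESS","Type: REG_SZ, Length: 32, Data: Virtual Machine"
"3:00:12.1","WINWORD.EXE","800","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU","SUCCESS","Type: REG_SZ, Length: 10, Data: None"
"3:00:12.2","WINWORD.EXE","800","RegQueryValue","HKCU\Software\Microsoft\Office\16.0\Word\Options\NoRereg","NAME NOT FOUND",""
"3:00:13.5","powershell.exe","2144","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString","SUCCESS","Type: REG_SZ, Length: 62, Data: QEMU Virtual CPU version 2.5+"
"3:00:13.5","powershell.exe","2144","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer","SUCCESS","Type: REG_SZ, Length: 10, Data: QEMU"
"3:00:14.0","explorer.exe","1234","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz","SUCCESS","Type: REG_DWORD, Length: 4, Data: 2800"
""".strip()


def fingerprint_reads(text):
    """Yield one dict per RegQueryValue row whose path is a known fingerprint value."""
    for row in csv.DictReader(io.StringIO(text)):
        if row["Operation"] != "RegQueryValue":
            continue
        category = FINGERPRINT_VALUES.get(normalize_path(row["Path"]))
        if category is None:
            continue
        m = DATA_RE.search(row["Detail"])
        yield {"process": row["Process Name"], "pid": int(row["PID"]),
               "value": row["Path"].rsplit("\\", 1)[1], "category": category,
               "data": m.group(1) if m else ""}


def score_processes(text):
    """Return {(process, pid): summary}; summary carries the categories hit, the values read
    in order, any hypervisor markers found in returned data, and a verdict."""
    acc = defaultdict(lambda: {"categories": set(), "values": [], "vm_markers": set()})
    for ev in fingerprint_reads(text):
        s = acc[(ev["process"], ev["pid"])]
        s["categories"].add(ev["category"])
        s["values"].append(ev["value"])
        data = ev["data"].lower()
        s["vm_markers"].update(m for m in VM_MARKERS if m in data)

    results = {}
    for (proc, pid), s in acc.items():
        both = {"cpu", "bios"} <= s["categories"]
        if both and proc.lower() not in DOCUMENT_HOSTS:
            verdict = "fingerprinting"       # CPU and BIOS probed by a non-Office process
        elif both:
            verdict = "fingerprinting-weak"  # same reads, but by the document host itself
        else:
            verdict = "partial"              # only one of the two key families touched
        results[(proc, pid)] = {"categories": sorted(s["categories"]), "values": s["values"],
                                "vm_markers": sorted(s["vm_markers"]), "verdict": verdict}
    return results


if __name__ == "__main__":
    for (proc, pid), s in score_processes(SAMPLE_CSV).items():
        print(f"{proc}[{pid}] {s['verdict']:19} {'+'.join(s['categories'])} "
              f"values={s['values']} vm={s['vm_markers']}")
```

Two points for anyone adapting this to real telemetry: Sysmon records registry key and value creation, deletion and modification (Event IDs 12, 13 and 14) but not reads, so the RegQueryValue rows above need Process Monitor or an EDR that captures registry queries; and the returned data is what the sample actually acts on, so a ProcessorNameString or SystemFamily that names a hypervisor is the condition under which evasive code would refuse to run, which is worth knowing when a detonation shows only the reads and no payload, as this report does.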
Processes
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE (PID 800)
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\f31a76579fceba3ccc39a68db271300f2a1189bc8df0f08c040215f952d8ac02.doc" /o ""
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx