Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

690fbe657f...a.docx

windows7-x64

4

690fbe657f...a.docx

windows10-2004-x64

1

Analysis

  • max time kernel
    107s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    06/01/2023, 07:14 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    690fbe657ff731712460500a060f2acbb717a11a.docx

  • Size

    54KB

  • MD5

    299adc77f63b57462d6b6f771a5c2f92

  • SHA1

    690fbe657ff731712460500a060f2acbb717a11a

  • SHA256

    a1a1365553eb75ccba27060f09023453661e9aceebf041bfce4113233bed3637

  • SHA512

    67ce3212e87fb7106891c79c55bb10b48f1e855fda6f442e8360f5b5b1b2d67cbb1e7402dec63e0bb7ba650d54338404362f6adb0d4265153c495268395d8cc5

  • SSDEEP

    1536:IXv13T+HepqV5a8Dqpx/MVr+Wu6cWMH7jQo7PYWH9VrnkA5syNqG:IXv136HepA5N6+Sp7jQuY29VrnLsyIG

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\690fbe657ff731712460500a060f2acbb717a11a.docx"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1516
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:1500

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1500-60-0x000007FEFBC01000-0x000007FEFBC03000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1516-54-0x00000000727A1000-0x00000000727A4000-memory.dmp

      Filesize

      12KB

      Download

    • memory/1516-55-0x0000000070221000-0x0000000070223000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1516-56-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1516-57-0x000000007120D000-0x0000000071218000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1516-58-0x0000000075BD1000-0x0000000075BD3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1516-61-0x000000007120D000-0x0000000071218000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1516-62-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1516-63-0x000000007120D000-0x0000000071218000-memory.dmp

      Filesize

      44KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.