Analysis

  max time kernel    101s
  max time network   136s
  platform           windows10-2004_x64
  resource           win10v2004-20221111-en
  resource tags      arch:x64  arch:x86  image:win10v2004-20221111-en  locale:en-us  os:windows10-2004-x64  system
  submitted          06/01/2023, 09:41
Behavioral tasks

  behavioral1
    Sample     __VIEW_NAT Breach Pack Suicide Form_02092022_115724_Wilson_A_E315158.doc
    Resource   win7-20220901-en

  behavioral2
    Sample     __VIEW_NAT Breach Pack Suicide Form_02092022_115724_Wilson_A_E315158.doc
    Resource   win10v2004-20221111-en

The same document was detonated twice, once on a Windows 7 image and once on Windows 10 2004; the timings, signatures and process list in this report are from the win10v2004-20221111-en task (behavioral2), which is the platform named under Analysis.
General

  Target    __VIEW_NAT Breach Pack Suicide Form_02092022_115724_Wilson_A_E315158.doc
  Size      75KB
  MD5       f61bd9cade5752d471ef532a4ef2d618
  SHA1      d1ceed7eb1f54176c237e71ea99d17e12ed27255
  SHA256    485e1ca7143f801835549ee96ad29c35748db6275a25ba7436bc284d7e1ba9e7
  SHA512    b1c00f42fed35b9e954120bab7172ba17f546957fd73b7ab55b52c7c36fff55067e2aa09bea2623b72b18ad9dab3390bf44580c6ed98e616e35df64cb80c7a94
  SSDEEP    384:MoPd80BucqsVGVIAhnFyx3sbraTKmFfGHztW611FL6pvzZr0iSwvxjk+t8X82sFB:5xcfFKfGHzU6zFYDxw+t0eMzoptl+x
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
  description         ioc                                                                                 process
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz                 WINWORD.EXE
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  WINWORD.EXE
  Key opened          \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0                     WINWORD.EXE

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                            process
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU     WINWORD.EXE
  Key opened          \REGISTRY\MACHINE\Hardware\Description\System\BIOS               WINWORD.EXE
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily  WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener (2 IoCs)
  pid    process
  3432   WINWORD.EXE  (2 calls)

Suspicious use of SetWindowsHookEx (14 IoCs)
  pid    process
  3432   WINWORD.EXE  (14 calls)

All four signatures are attributed to the one WINWORD.EXE process (PID 3432) that opened the document; the report lists no child process, dropped file or network connection. Reads of the CentralProcessor and BIOS keys are also made by plenty of legitimate software, Office included, so on their own they are a weak indicator. The point to take from this run is that nothing followed them: no macro-spawned process, no payload, no outbound traffic.
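The two registry signatures above amount to matching registry-access events against a short list of fingerprinting keys. The following is an added example, not code from the Triage report or its signature engine: it normalizes NT-native paths (\REGISTRY\MACHINE to HKLM, case-folded, because the report itself shows the same key spelled both HARDWARE\DESCRIPTION and Hardware\Description), drops the value name from "Key value queried" events so they compare against the parent key, and tallies hits per process and signature the way the report counts IoCs. The event records are constructed from the six IoC rows above plus two benign reads; the signature names, the key list and the event field names are assumptions of this example.

```python
"""Flag registry reads of hardware-fingerprinting keys in a stream of registry events.

Added example: the event format, signature names and key list are assumptions modelled
on the report above, not the tria.ge signature engine.
"""
from collections import Counter

# Parent keys whose reads the two report signatures flag (assumed list, seeded from the
# IoC rows above). Stored upper-case with the hive abbreviated, i.e. already normalized.
FINGERPRINT_KEYS = {
    r"HKLM\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR\0": "Checks processor information in registry",
    r"HKLM\HARDWARE\DESCRIPTION\SYSTEM\BIOS": "Enumerates system info in registry",
}

# NT-native hive prefixes as they appear in kernel registry events.
NT_HIVES = {
    r"\REGISTRY\MACHINE": "HKLM",
    r"\REGISTRY\USER": "HKU",
}

# Constructed events: the six IoC rows from the report plus two benign reads.
# op is "key" for "Key opened" and "value" for "Key value queried".
SAMPLE_EVENTS = [
    {"pid": 3432, "process": "WINWORD.EXE", "op": "value",
     "path": r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz"},
    {"pid": 3432, "process": "WINWORD.EXE", "op": "value",
     "path": r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString"},
    {"pid": 3432, "process": "WINWORD.EXE", "op": "key",
     "path": r"\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0"},
    {"pid": 3432, "process": "WINWORD.EXE", "op": "value",
     "path": r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU"},
    {"pid": 3432, "process": "WINWORD.EXE", "op": "key",
     "path": r"\REGISTRY\MACHINE\Hardware\Description\System\BIOS"},
    {"pid": 3432, "process": "WINWORD.EXE", "op": "value",
     "path": r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily"},
    # Benign reads that must not match (constructed, not from the report).
    {"pid": 3432, "process": "WINWORD.EXE", "op": "value",
     "path": r"\REGISTRY\USER\S-1-5-21-1000\Software\Microsoft\Office\16.0\Word\Options\AutoRecover"},
    {"pid": 3432, "process": "WINWORD.EXE", "op": "value",
     "path": r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"},
]


def normalize_key(path, op):
    r"""Return the parent key of an event in canonical form.

    Registry paths are case-insensitive (the report shows HARDWARE\DESCRIPTION and
    Hardware\Description for the same key), so the result is upper-cased; the NT-native
    hive is abbreviated; for value reads the trailing value name is dropped so that
    ...\CentralProcessor\0\~MHz and ...\CentralProcessor\0 compare equal.
    """
    key = path.strip().rstrip("\\")
    upper = key.upper()
    for nt_prefix, hive in NT_HIVES.items():
        if upper.startswith(nt_prefix):
            key = hive + key[len(nt_prefix):]
            break
    if op == "value":
        key = key.rsplit("\\", 1)[0]
    return key.upper()


def classify(event):
    """Name of the signature an event triggers, or None if it reads nothing of interest."""
    key = normalize_key(event["path"], event["op"])
    for prefix, signature in FINGERPRINT_KEYS.items():
        if key == prefix or key.startswith(prefix + "\\"):
            return signature
    return None


def summarize(events):
    """Count IoCs per (process, pid, signature), the way the report tallies them."""
    hits = Counter()
    for event in events:
        signature = classify(event)
        if signature is not None:
            hits[(event["process"], event["pid"], signature)] += 1
    return hits


if __name__ == "__main__":
    for (process, pid, signature), n in sorted(summarize(SAMPLE_EVENTS).items()):
        print(f"{signature}: {n} IoCs from {process} (PID {pid})")
```

Run on the constructed events this reproduces the report's tallies, 3 IoCs for each of the two registry signatures, and ignores the two benign reads. The normalization step is the part worth keeping: a matcher that compares raw paths byte for byte would miss the "Key opened" rows, whose hive and key names are cased differently from the "Key value queried" rows of the same key.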
Processes

  C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE  (PID 3432)
    Command line: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\__VIEW_NAT Breach Pack Suicide Form_02092022_115724_Wilson_A_E315158.doc" /o ""
    - Checks processor information in registry
    - Enumerates system info in registry
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of SetWindowsHookEx