Analysis
- max time kernel: 107s
- max time network: 135s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/01/2023, 19:21
Behavioral task: behavioral1
- Sample: 951b18aa4f12e235e11d4620e8153a4b6e3faccdf217b7723eaebbef2b6c8b33.xls
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 951b18aa4f12e235e11d4620e8153a4b6e3faccdf217b7723eaebbef2b6c8b33.xls
- Resource: win10v2004-20220812-en
General
- Target: 951b18aa4f12e235e11d4620e8153a4b6e3faccdf217b7723eaebbef2b6c8b33.xls
- Size: 36KB
- MD5: 5887df2e3efe39958c4d9645c8c0a840
- SHA1: 9fb4b74d4ff248a178b9451c61191e0d6f8c9159
- SHA256: 951b18aa4f12e235e11d4620e8153a4b6e3faccdf217b7723eaebbef2b6c8b33
- SHA512: 0c0c0fbbc3fa6f63014216f918000425e184db9979a6474217848fc233eaed0996c767bc4ecf5a5ce2e6f6b812334cf6cd4adef6662990442350fbf5a4ae1a56
- SSDEEP: 768:PPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJC/0zkorHDHeeTRiG+gh:nok3hbdlylKsgqopeJBWhZFGkE+cL2NU
Malware Config
Signatures
- Checks processor information in registry 2 TTPs 3 IoCs
  Processor information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
- Enumerates system info in registry 2 TTPs 3 IoCs
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
- Suspicious behavior: AddClipboardFormatListener 1 IoCs
  pid | Process
  4728 | EXCEL.EXE
- Suspicious use of SetWindowsHookEx 12 IoCs
  pid | Process
  4728 | EXCEL.EXE
  4728 | EXCEL.EXE
  4728 | EXCEL.EXE
  4728 | EXCEL.EXE
  4728 | EXCEL.EXE
  4728 | EXCEL.EXE
  4728 | EXCEL.EXE
  4728 | EXCEL.EXE
  4728 | EXCEL.EXE
  4728 | EXCEL.EXE
  4728 | EXCEL.EXE
  4728 | EXCEL.EXE
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\951b18aa4f12e235e11d4620e8153a4b6e3faccdf217b7723eaebbef2b6c8b33.xls"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4728