Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

007461614c...81.doc

windows7-x64

4

007461614c...81.doc

windows10-2004-x64

1

Analysis

  • max time kernel
    108s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    01/03/2023, 07:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    007461614c1596b63a622bf79888b281.doc

  • Size

    39KB

  • MD5

    007461614c1596b63a622bf79888b281

  • SHA1

    65eff70488fc4edd8a4344d4df57855f4300ca06

  • SHA256

    f76413740ca7c268672e49cbed99efced2f6aff74bbf397013d1793e653a2178

  • SHA512

    ba2510fe2a2c3d89695ac148581d0d96b4ac54927c6cb8fac495764a4b42b50fb14cb41e5a4dc0d0cb0bf64b81300a2bbff3f8b7dbd8a5d8852016581897603e

  • SSDEEP

    768:pOD2DprZnFiC+MBx+HqqqqqeEq5Cau0e3QvWGe:pCiQtMgCCyVZ

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
    adwarespyware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\007461614c1596b63a622bf79888b281.doc"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:624
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:748

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
      Filesize

      20KB

      MD5

      1cd944f732ba650eb94bbe8bb6e092ad

      SHA1

      ae34469d3e4fdff5af3f0c706c328c3cf77b007a

      SHA256

      3b29531c888fb6e04c26bea52c2d04ad349bc11eae371f24b276ccb0db333970

      SHA512

      2ddd4b4a60d6962bac836779afe8333081b0e106b49d7f86f00983c34bfc74d41aaad1bfeab39fe7a7abe730d645846825cd643d3908a57b51f42f58f4ec9402

      Download Submit

    • memory/624-54-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/624-78-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download