Analysis
- max time kernel: 149s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01/03/2023, 07:03
Static task
static1
Behavioral task
behavioral1
Sample
007461614c1596b63a622bf79888b281.doc
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
007461614c1596b63a622bf79888b281.doc
Resource
win10v2004-20230220-en
General
- Target: 007461614c1596b63a622bf79888b281.doc
- Size: 39KB
- MD5: 007461614c1596b63a622bf79888b281
- SHA1: 65eff70488fc4edd8a4344d4df57855f4300ca06
- SHA256: f76413740ca7c268672e49cbed99efced2f6aff74bbf397013d1793e653a2178
- SHA512: ba2510fe2a2c3d89695ac148581d0d96b4ac54927c6cb8fac495764a4b42b50fb14cb41e5a4dc0d0cb0bf64b81300a2bbff3f8b7dbd8a5d8852016581897603e
- SSDEEP: 768:pOD2DprZnFiC+MBx+HqqqqqeEq5Cau0e3QvWGe:pCiQtMgCCyVZ
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  - Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (Process: WINWORD.EXE)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (Process: WINWORD.EXE)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (Process: WINWORD.EXE)
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily (Process: WINWORD.EXE)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU (Process: WINWORD.EXE)
  - Key opened: \REGISTRY\MACHINE\Hardware\Description\System\BIOS (Process: WINWORD.EXE)
- Suspicious behavior: AddClipboardFormatListener (2 IoCs)
  - pid 4940, Process WINWORD.EXE (listed 2 times)
- Suspicious use of SetWindowsHookEx (14 IoCs)
  - pid 4940, Process WINWORD.EXE (listed 14 times)
Processes
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\007461614c1596b63a622bf79888b281.doc" /o ""
  PID: 4940
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Downloads
- Filesize: 22KB
- MD5: 5b387a0ecd2299b11ec5177b294a4bcb
- SHA1: b912e0e83ca357255d93ab6c0c15fcb6a4f13300
- SHA256: 2d8cb3159f74fcb19498143999d3c368dc7c6e657b23734bec95bcf8e6026664
- SHA512: 3b7129111e464b271c9c41b737a7dd6b95e3ed911460238898e2dc894995ce68a313adbed1b5ca642b79769a82239d08774cfc3ad0d595f75edac04030e79aa1