Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

007461614c...81.doc

windows7-x64

4

007461614c...81.doc

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/03/2023, 07:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    007461614c1596b63a622bf79888b281.doc

  • Size

    39KB

  • MD5

    007461614c1596b63a622bf79888b281

  • SHA1

    65eff70488fc4edd8a4344d4df57855f4300ca06

  • SHA256

    f76413740ca7c268672e49cbed99efced2f6aff74bbf397013d1793e653a2178

  • SHA512

    ba2510fe2a2c3d89695ac148581d0d96b4ac54927c6cb8fac495764a4b42b50fb14cb41e5a4dc0d0cb0bf64b81300a2bbff3f8b7dbd8a5d8852016581897603e

  • SSDEEP

    768:pOD2DprZnFiC+MBx+HqqqqqeEq5Cau0e3QvWGe:pCiQtMgCCyVZ

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\007461614c1596b63a622bf79888b281.doc" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:4940

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp
    Filesize

    22KB

    MD5

    5b387a0ecd2299b11ec5177b294a4bcb

    SHA1

    b912e0e83ca357255d93ab6c0c15fcb6a4f13300

    SHA256

    2d8cb3159f74fcb19498143999d3c368dc7c6e657b23734bec95bcf8e6026664

    SHA512

    3b7129111e464b271c9c41b737a7dd6b95e3ed911460238898e2dc894995ce68a313adbed1b5ca642b79769a82239d08774cfc3ad0d595f75edac04030e79aa1

    Download Submit

  • memory/4940-133-0x00007FFABBDB0000-0x00007FFABBDC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4940-134-0x00007FFABBDB0000-0x00007FFABBDC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4940-135-0x00007FFABBDB0000-0x00007FFABBDC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4940-136-0x00007FFABBDB0000-0x00007FFABBDC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4940-137-0x00007FFABBDB0000-0x00007FFABBDC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4940-138-0x00007FFAB9A60000-0x00007FFAB9A70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4940-139-0x00007FFAB9A60000-0x00007FFAB9A70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4940-192-0x00007FFABBDB0000-0x00007FFABBDC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4940-193-0x00007FFABBDB0000-0x00007FFABBDC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4940-194-0x00007FFABBDB0000-0x00007FFABBDC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4940-195-0x00007FFABBDB0000-0x00007FFABBDC0000-memory.dmp

    Filesize

    64KB

    Download