Analysis
- max time kernel: 148s
- max time network: 126s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14/03/2023, 08:49
Static task: static1
Behavioral task: behavioral1
- Sample: 24d5ccb296d91cebe59ce6d5e86ddc9b.doc
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 24d5ccb296d91cebe59ce6d5e86ddc9b.doc
- Resource: win10v2004-20230220-en
General
- Target: 24d5ccb296d91cebe59ce6d5e86ddc9b.doc
- Size: 71KB
- MD5: 24d5ccb296d91cebe59ce6d5e86ddc9b
- SHA1: babc81f66a331f702dbcad50ef0c67f74aea295d
- SHA256: 360e739562353633bb735f2a4cfe5967e893599d910089aea319d4528ec9c853
- SHA512: f6cbe7283988e2a9002a7bc3fd4c8c932478488924f16536fae05973657c88af17a91c9148ae64105c6431819d483c0755ce4975d191fde3a6e6ba3e97a98ad4
- SSDEEP: 384:xQDvTPAEFCWWWWWWWExByGcSxwAjLROJ/+rHhH8YBjN7sM90kteX0jSPtGUOEM:xQDv7Vux3fnx4pkWF8
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
- Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (Process: WINWORD.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (Process: WINWORD.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (Process: WINWORD.EXE)
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU (Process: WINWORD.EXE)
- Key opened: \REGISTRY\MACHINE\Hardware\Description\System\BIOS (Process: WINWORD.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily (Process: WINWORD.EXE)
Suspicious behavior: AddClipboardFormatListener (2 IoCs)
- pid: 2716, Process: WINWORD.EXE (both entries)
Suspicious use of SetWindowsHookEx (14 IoCs)
- pid: 2716, Process: WINWORD.EXE (all 14 entries)
Processes
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
Command line: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\24d5ccb296d91cebe59ce6d5e86ddc9b.doc" /o ""
PID: 2716
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Downloads