Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

CI + PL.xls

windows7-x64

10

CI + PL.xls

windows10-2004-x64

1

Analysis

  • max time kernel
    142s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/07/2023, 06:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CI + PL.xls

  • Size

    1.4MB

  • MD5

    22cbe162d221d7ab2ae7e185a38cd432

  • SHA1

    6ee5a4da46169acb591f3572dfe8347afd2a937d

  • SHA256

    81eb9a9c2bd5612d7e67a5dccae5a52cd02fa933d59eafbb2f318d7f79dce601

  • SHA512

    4dacf9de7dbe2cc352039acb18768619707c5b7e2c96f4843156e204a32bec4ec986fedc484a446364decec7773bdfbb3e0d8519e2293237f18454da4ecef074

  • SSDEEP

    24576:5+u9VNZylw6VfOZydw6VleHBlEzp7uOR0bgcwyA52hcP5YwVux:5+uPR6VfY96V8hOzWgjy+P5Yj

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\CI + PL.xls"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:4884

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\8056AD98.emf
    Filesize

    1.4MB

    MD5

    d69c22a341e111feea69df6d8c655d60

    SHA1

    ac862337f2efa43627508927f5052ce694012206

    SHA256

    05b2053bf1d070d6034b45cd79b54d80da3c6d88d016671a345e75048b1a68db

    SHA512

    d4db33ed046b3c9ba09c4b3feac17b1fe2e75fce67f4154fd795d504708c295a1e3c8331ed3d6c3ee9950c936c4cc25b5d690558c26f2e1f7771bd5eb275822c

    Download Submit

  • memory/4884-144-0x00007FFB6D200000-0x00007FFB6D210000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4884-201-0x00007FFB6F890000-0x00007FFB6F8A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4884-135-0x00007FFB6F890000-0x00007FFB6F8A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4884-137-0x00007FFBAF810000-0x00007FFBAFA05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4884-138-0x00007FFBAF810000-0x00007FFBAFA05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4884-139-0x00007FFB6F890000-0x00007FFB6F8A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4884-140-0x00007FFB6F890000-0x00007FFB6F8A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4884-141-0x00007FFBAF810000-0x00007FFBAFA05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4884-142-0x00007FFBAF810000-0x00007FFBAFA05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4884-143-0x00007FFBAF810000-0x00007FFBAFA05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4884-145-0x00007FFBAF810000-0x00007FFBAFA05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4884-134-0x00007FFBAF810000-0x00007FFBAFA05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4884-136-0x00007FFB6F890000-0x00007FFB6F8A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4884-146-0x00007FFBAF810000-0x00007FFBAFA05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4884-152-0x00007FFB6D200000-0x00007FFB6D210000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4884-149-0x00007FFBAF810000-0x00007FFBAFA05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4884-150-0x00007FFBAF810000-0x00007FFBAFA05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4884-151-0x00007FFBAF810000-0x00007FFBAFA05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4884-148-0x00007FFBAF810000-0x00007FFBAFA05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4884-162-0x00007FFBAF810000-0x00007FFBAFA05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4884-133-0x00007FFB6F890000-0x00007FFB6F8A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4884-200-0x00007FFB6F890000-0x00007FFB6F8A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4884-147-0x00007FFBAF810000-0x00007FFBAFA05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4884-202-0x00007FFB6F890000-0x00007FFB6F8A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4884-203-0x00007FFB6F890000-0x00007FFB6F8A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4884-204-0x00007FFBAF810000-0x00007FFBAFA05000-memory.dmp

    Filesize

    2.0MB

    Download