Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
138s -
max time network
145s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system -
submitted
15/08/2023, 12:42
Static task
static1
Behavioral task
behavioral1
Sample
NUEVO PEDIDO - CF0002.xlam
Resource
win7-20230712-en
11 signatures
150 seconds
Behavioral task
behavioral2
Sample
NUEVO PEDIDO - CF0002.xlam
Resource
win10v2004-20230703-en
3 signatures
150 seconds
General
-
Target
NUEVO PEDIDO - CF0002.xlam
-
Size
624KB
-
MD5
5689ad77747f797c7fce700583f816a4
-
SHA1
0c50fdc9f2e15c8a08c55d4eb4677282e544de4d
-
SHA256
dc7443935ed909e177df4ee104aa44d63ae47cf482b2d03fe0cff0bc3a1fbfc7
-
SHA512
6a139d6f80025b4a1518a7178e47366c0176e1e6a73017cb044380ab51a06aaab80e7d2f69d25d673abf463cdf2abe03dc4e1beb6c59926fe4a3afc90da33cd2
-
SSDEEP
12288:ITIKpW2H8A00G0lx3dgcxaCnF/FrIVN7CbT3AR3fkO15GrnxV60fus/y2:EIKpW2H8A/b3aK5IRfDdCl/y2
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 4960 EXCEL.EXE -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 4960 EXCEL.EXE 4960 EXCEL.EXE -
Suspicious use of SetWindowsHookEx 8 IoCs
pid Process 4960 EXCEL.EXE 4960 EXCEL.EXE 4960 EXCEL.EXE 4960 EXCEL.EXE 4960 EXCEL.EXE 4960 EXCEL.EXE 4960 EXCEL.EXE 4960 EXCEL.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\NUEVO PEDIDO - CF0002.xlam"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4960