Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/08/2023, 07:52 UTC

General

  • Target

    猪八戒股份有限公司-需求/营业执照/.__MACOS__/猪八戒股份有限公司需求.docx
    (path in English: "Zhubajie Co., Ltd. - Requirements/Business License/.__MACOS__/Zhubajie Co., Ltd. Requirements.docx"; the Chinese path is kept verbatim because it is the submitted file name)

  • Size

    11KB

  • MD5

    e7c154beecc81b84a9eaeb55b52f233d

  • SHA1

    42d563e3500a057e75f3ff7ac52c3982b3a23ae0

  • SHA256

    88a1eb52b76e38eed5270479d2a4d332b4f7d2492dea9cc163665fbfbc658337

  • SHA512

    08fce4fc59640be1bb7499fb01da427775b6e8d2b5191d309ef73180d8be9fee3b899a58e644e53a9de40b2824c4a41347a1134ada750c48e81fe04f0a9b659f

  • SSDEEP

    192:6isXuVxbdN4XdsX1eLQQcH+pUUyR53ZGND1G+lcy58GH67gE6rUmfw5V5EJrmsvV:6deVBd2eo2eErpGND1Gf4f7f47armsIE

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\猪八戒股份有限公司-需求\营业执照\.__MACOS__\猪八戒股份有限公司需求.docx"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2496
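The process tree and signatures above are what Word itself produces on this image: Office14 is the 32-bit build (it lives under Program Files (x86)), so when it touches the print subsystem on 64-bit Windows it launches C:\Windows\splwow64.exe, the 32-to-64-bit spooler proxy, and the WriteProcessMemory, SetWindowsHookEx and clipboard-listener hits are part of that same start-up. The two files under Downloads are Word's own Normal.dotm and the spell-check exclusion dictionary, not a payload, which is consistent with the 4/10 score. What a two-minute detonation cannot tell you is whether the 11 KB document carries content that only fires with network access or user interaction, so the static checks below are the complement an analyst runs on the file itself. This is an added example, not tria.ge code or output: the .docx files it inspects are constructed in memory (hostname example.invalid is a placeholder and nothing is fetched), and the hashes and findings it prints are for those constructed files, not for the sample on this page.

```python
"""Static triage of a .docx: active-content checks that complement a sandbox run.

Added example; not part of the tria.ge report or its tooling. The documents it
scans are constructed in memory below so it runs offline.
"""
import hashlib
import io
import re
import zipfile

# OOXML parts/markers that only appear when a document carries active content.
VBA_PARTS = {"word/vbaproject.bin"}
EXT_REL_RE = re.compile(r'<Relationship\b[^>]*TargetMode="External"[^>]*>', re.I)
TARGET_RE = re.compile(r'\bTarget="([^"]*)"')
TYPE_RE = re.compile(r'\bType="[^"]*/([^"/]+)"')
DDE_RE = re.compile(r"\bDDE(?:AUTO)?\b")        # heuristic on field instruction text
BENIGN_REL_TYPES = {"hyperlink", "image"}      # external links/images are common in clean docs


def triage_docx(data: bytes) -> dict:
    """Return static indicators for a .docx supplied as bytes."""
    r = {"size": len(data), "sha256": hashlib.sha256(data).hexdigest(), "is_zip": False,
         "has_vba": False, "external_rels": [], "dde_fields": False, "embedded_objects": []}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return r  # not OOXML at all (e.g. RTF or OLE2 renamed to .docx)
    r["is_zip"] = True
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            low = name.lower()
            if low in VBA_PARTS:
                r["has_vba"] = True
            elif low.startswith("word/embeddings/"):
                r["embedded_objects"].append(name)
            elif low.endswith(".rels"):
                # Relationship parts: an External target on a non-hyperlink type
                # (e.g. attachedTemplate in settings.xml.rels) is the remote-template pattern.
                xml = zf.read(name).decode("utf-8", "replace")
                for rel in EXT_REL_RE.findall(xml):
                    t, tgt = TYPE_RE.search(rel), TARGET_RE.search(rel)
                    r["external_rels"].append((t.group(1) if t else "?", tgt.group(1) if tgt else "?"))
            elif low.startswith("word/") and low.endswith(".xml"):
                if DDE_RE.search(zf.read(name).decode("utf-8", "replace")):
                    r["dde_fields"] = True
    return r


def reasons(r: dict) -> list:
    """Findings that justify a closer look; an empty list means nothing static stood out."""
    out = []
    if not r["is_zip"]:
        out.append("not an OOXML container")
    if r["has_vba"]:
        out.append("VBA project present")
    if r["dde_fields"]:
        out.append("DDE field instruction present")
    for obj in r["embedded_objects"]:
        out.append(f"embedded object {obj}")
    for rtype, target in r["external_rels"]:
        if rtype not in BENIGN_REL_TYPES:
            out.append(f"external {rtype} relationship -> {target}")
    return out


def build_docx(extra_parts=None, body_xml="<w:t>hello</w:t>") -> bytes:
    """Constructed minimal .docx containing only the parts the triage inspects."""
    parts = {
        "[Content_Types].xml": '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>',
        "_rels/.rels": ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
                        '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/'
                        'relationships/officeDocument" Target="word/document.xml"/></Relationships>'),
        "word/document.xml": ('<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
                              f'<w:body><w:p><w:r>{body_xml}</w:r></w:p></w:body></w:document>'),
    }
    parts.update(extra_parts or {})
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in parts.items():
            zf.writestr(name, content)
    return buf.getvalue()


REL_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
# Constructed samples; example.invalid is a placeholder host and nothing is fetched.
CLEAN_DOC = build_docx({"word/_rels/document.xml.rels":
    f'<Relationships><Relationship Id="rId2" Type="{REL_NS}/hyperlink" '
    'Target="https://example.invalid/" TargetMode="External"/></Relationships>'})
REMOTE_TEMPLATE_DOC = build_docx({"word/_rels/settings.xml.rels":
    f'<Relationships><Relationship Id="rId1" Type="{REL_NS}/attachedTemplate" '
    'Target="http://example.invalid/t.dotm" TargetMode="External"/></Relationships>'})
MACRO_DOC = build_docx({"word/vbaProject.bin": b"\xd0\xcf\x11\xe0placeholder"})
DDE_DOC = build_docx(body_xml="<w:instrText>DDEAUTO example</w:instrText>")
NOT_OOXML = b"{\\rtf1 not a zip}"

if __name__ == "__main__":
    for label, doc in [("clean", CLEAN_DOC), ("remote-template", REMOTE_TEMPLATE_DOC),
                       ("macro", MACRO_DOC), ("dde", DDE_DOC), ("rtf-renamed", NOT_OOXML)]:
        r = triage_docx(doc)
        print(f"{label}: {r['size']} bytes sha256={r['sha256'][:16]}... -> "
              f"{reasons(r) or 'nothing static stood out'}")
```

Run it on the real sample by replacing one of the constructed constants with `open(path, "rb").read()`; the sha256 it prints should then match the report's SHA256 field before you trust the findings. An empty `reasons()` list is a negative static result, not a clean bill: it says the document has no macros, DDE fields, embedded objects or non-hyperlink external relationships, which together with the sandbox's generic-only signatures is the evidence behind a low score.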

    Network

    MITRE ATT&CK Matrix

    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm

      Filesize

      20KB

      MD5

      8cda667af90bd69d162b40016b639980

      SHA1

      70a2d33711958011892587265e681bf8640e4ffd

      SHA256

      133b5e6ff912419d63b2f3380b961d1e8c5e4bd028574dbedfef483a0e93fc85

      SHA512

      e4b051dbd22c62ae359144c930179670b2da41a4030ec7a207a703a004c9104b1b5539291e9542ecff6b869ba6c954afe4c4457f84d16b3d19775d54d46e339e

    • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

      Filesize

      2B

      MD5

      f3b25701fe362ec84616a93a45ce9998

      SHA1

      d62636d8caec13f04e28442a0a6fa1afeb024bbb

      SHA256

      b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

      SHA512

      98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

    • memory/2372-54-0x000000002F120000-0x000000002F27D000-memory.dmp

      Filesize

      1.4MB

    • memory/2372-55-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

    • memory/2372-56-0x000000007161D000-0x0000000071628000-memory.dmp

      Filesize

      44KB

    • memory/2372-74-0x000000002F120000-0x000000002F27D000-memory.dmp

      Filesize

      1.4MB

    • memory/2372-75-0x000000007161D000-0x0000000071628000-memory.dmp

      Filesize

      44KB

    • memory/2372-93-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

    • memory/2372-94-0x000000007161D000-0x0000000071628000-memory.dmp

      Filesize

      44KB
