Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 117s
- max time network: 135s
- platform: windows7_x64
- resource: win7-20230712-en
- resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
- submitted: 16/08/2023, 08:28
Static task: static1
Behavioral task: behavioral1
- Sample: Patel_DotNet_FullStack.docx
- Resource: win7-20230712-en
Behavioral task: behavioral2
- Sample: Patel_DotNet_FullStack.docx
- Resource: win10v2004-20230703-en
General
- Target: Patel_DotNet_FullStack.docx
- Size: 49KB
- MD5: 492433af5b22854853f11b1e4fdde86d
- SHA1: adb8c0fa35102facfde9e99920580e5dc2669db0
- SHA256: 6c1a628f9eac88e32e203824bfb185001e78520834f88e0a7b6641ad808e281c
- SHA512: 34d43aea6317acda9987f8c29ee92acc917f44d27ba43cc62e88df14de35853ec40fef679ec26375a24b4259cab126b05335180c10d2cd694cd2a7afe0fd5bf6
- SSDEEP: 768:araRHLQmdAOiPoSLgZS/SwlF32yy6JJNq8V+BxnaRUoc7m4xCjYSZQJSeM:ara5BkP6ZESwlF3ly6JYBJnXKctSZUM
Malware Config
Signatures
- Drops file in Windows directory (1 IoCs)
  description: File opened for modification
  ioc: C:\Windows\Debug\WIA\wiatrace.log
  Process: WINWORD.EXE
- Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  pid: 2256, Process: WINWORD.EXE
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid: 2256, Process: WINWORD.EXE
  pid: 2256, Process: WINWORD.EXE
- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2256 wrote to memory of 1788, pid: 2256, Process: WINWORD.EXE, procid_target: 32
  description: PID 2256 wrote to memory of 1788, pid: 2256, Process: WINWORD.EXE, procid_target: 32
  description: PID 2256 wrote to memory of 1788, pid: 2256, Process: WINWORD.EXE, procid_target: 32
  description: PID 2256 wrote to memory of 1788, pid: 2256, Process: WINWORD.EXE, procid_target: 32
Processes
- C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (depth 1)
  Command line: "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Patel_DotNet_FullStack.docx"
  PID: 2256
  Signatures:
  - Drops file in Windows directory
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Windows\splwow64.exe (depth 2)
    Command line: C:\Windows\splwow64.exe 12288
    PID: 1788
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 20KB
  MD5: a375db660c5e85f0385a4983386542b0
  SHA1: 05033b145c33c3cf54d9e90a04dccc503a1c949a
  SHA256: c24641f54395f075c86842d330561deea6f5aaaaa83f2166701bd8152eb684ac
  SHA512: f56be5f4384f2057ee706a213046a93f63160072a5f888d48f61aa84006947a5cc3d6cc4ce4d9b09ff78241d27b87757f95c9e9a2ce677cb2d19a1fbff0e806c
- Filesize: 2B
  MD5: f3b25701fe362ec84616a93a45ce9998
  SHA1: d62636d8caec13f04e28442a0a6fa1afeb024bbb
  SHA256: b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
  SHA512: 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84