Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    117s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    16/08/2023, 08:28

General

  • Target

    Patel_DotNet_FullStack.docx

  • Size

    49KB

  • MD5

    492433af5b22854853f11b1e4fdde86d

  • SHA1

    adb8c0fa35102facfde9e99920580e5dc2669db0

  • SHA256

    6c1a628f9eac88e32e203824bfb185001e78520834f88e0a7b6641ad808e281c

  • SHA512

    34d43aea6317acda9987f8c29ee92acc917f44d27ba43cc62e88df14de35853ec40fef679ec26375a24b4259cab126b05335180c10d2cd694cd2a7afe0fd5bf6

  • SSDEEP

    768:araRHLQmdAOiPoSLgZS/SwlF32yy6JJNq8V+BxnaRUoc7m4xCjYSZQJSeM:ara5BkP6ZESwlF3ly6JYBJnXKctSZUM

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Patel_DotNet_FullStack.docx"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2256
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:1788

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm

      Filesize

      20KB

      MD5

      a375db660c5e85f0385a4983386542b0

      SHA1

      05033b145c33c3cf54d9e90a04dccc503a1c949a

      SHA256

      c24641f54395f075c86842d330561deea6f5aaaaa83f2166701bd8152eb684ac

      SHA512

      f56be5f4384f2057ee706a213046a93f63160072a5f888d48f61aa84006947a5cc3d6cc4ce4d9b09ff78241d27b87757f95c9e9a2ce677cb2d19a1fbff0e806c

    • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

      Filesize

      2B

      MD5

      f3b25701fe362ec84616a93a45ce9998

      SHA1

      d62636d8caec13f04e28442a0a6fa1afeb024bbb

      SHA256

      b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

      SHA512

      98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

    • memory/2256-54-0x000000002F0D0000-0x000000002F22D000-memory.dmp

      Filesize

      1.4MB

    • memory/2256-55-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

    • memory/2256-56-0x000000007141D000-0x0000000071428000-memory.dmp

      Filesize

      44KB

    • memory/2256-133-0x000000002F0D0000-0x000000002F22D000-memory.dmp

      Filesize

      1.4MB

    • memory/2256-134-0x000000007141D000-0x0000000071428000-memory.dmp

      Filesize

      44KB

    • memory/2256-156-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB