Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

PO-384728493049.rtf

windows7-x64

10

PO-384728493049.rtf

windows10-2004-x64

1

Analysis

  • max time kernel
    143s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/08/2023, 07:36 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PO-384728493049.rtf

  • Size

    88KB

  • MD5

    5292d77a5796360358f012d31f4cd438

  • SHA1

    ceb7009b833a4829f9017636445a07ca201a9db4

  • SHA256

    404f0f676d94ffdc3cc0b4422a34a5aee31d06c815253ba0e7aeb0fed3905b9c

  • SHA512

    d42e1a014c005935b79de13b975a2e840ef100abfc054b08b547398d3ba99834c6f2074d02b3570da4d2b2a01fbe52dda1ce955c66f0aa2bf20eccc62e03b4f6

  • SSDEEP

    768:kwAbZSibMX9gRWjQOX1eDp9haTtsZ+Tnkfas:kwAlRxu1edzaT+Q1s

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\PO-384728493049.rtf" /o ""
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:4020

Network

  • flag-us
    DNS
    158.240.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    158.240.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    8.3.197.209.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.3.197.209.in-addr.arpa
    IN PTR
    Response
    8.3.197.209.in-addr.arpa
    IN PTR
    vip0x008map2sslhwcdnnet
  • flag-us
    DNS
    100.28.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    100.28.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    0.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    211.143.182.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    211.143.182.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    183.59.114.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    183.59.114.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    1.202.248.87.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    1.202.248.87.in-addr.arpa
    IN PTR
    Response
    1.202.248.87.in-addr.arpa
    IN PTR
    https-87-248-202-1amsllnwnet
  • flag-us
    DNS
    11.73.50.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.73.50.20.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    158.240.127.40.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    158.240.127.40.in-addr.arpa

  • 8.8.8.8:53
    8.3.197.209.in-addr.arpa
    dns
    70 B
     111 B
     1
    1

    DNS Request

    8.3.197.209.in-addr.arpa

  • 8.8.8.8:53
    100.28.109.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    100.28.109.52.in-addr.arpa

  • 8.8.8.8:53
    0.159.190.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    0.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    211.143.182.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    211.143.182.52.in-addr.arpa

  • 8.8.8.8:53
    183.59.114.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    183.59.114.20.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    1.202.248.87.in-addr.arpa
    dns
    71 B
     116 B
     1
    1

    DNS Request

    1.202.248.87.in-addr.arpa

  • 8.8.8.8:53
    11.73.50.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    11.73.50.20.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4020-134-0x00007FF9329F0000-0x00007FF932BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4020-133-0x00007FF8F2A70000-0x00007FF8F2A80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4020-135-0x00007FF8F2A70000-0x00007FF8F2A80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4020-137-0x00007FF8F2A70000-0x00007FF8F2A80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4020-136-0x00007FF9329F0000-0x00007FF932BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4020-138-0x00007FF9329F0000-0x00007FF932BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4020-139-0x00007FF8F2A70000-0x00007FF8F2A80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4020-140-0x00007FF8F2A70000-0x00007FF8F2A80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4020-141-0x00007FF9329F0000-0x00007FF932BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4020-142-0x00007FF9329F0000-0x00007FF932BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4020-143-0x00007FF9329F0000-0x00007FF932BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4020-144-0x00007FF9329F0000-0x00007FF932BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4020-145-0x00007FF9329F0000-0x00007FF932BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4020-146-0x00007FF8F02C0000-0x00007FF8F02D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4020-147-0x00007FF9329F0000-0x00007FF932BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4020-148-0x00007FF9329F0000-0x00007FF932BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4020-149-0x00007FF9329F0000-0x00007FF932BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4020-150-0x00007FF8F02C0000-0x00007FF8F02D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4020-154-0x00007FF9329F0000-0x00007FF932BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4020-155-0x00007FF9329F0000-0x00007FF932BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4020-156-0x00007FF9329F0000-0x00007FF932BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4020-157-0x00007FF9329F0000-0x00007FF932BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4020-158-0x00007FF9329F0000-0x00007FF932BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4020-162-0x00007FF9329F0000-0x00007FF932BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4020-187-0x00007FF8F2A70000-0x00007FF8F2A80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4020-188-0x00007FF8F2A70000-0x00007FF8F2A80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4020-189-0x00007FF8F2A70000-0x00007FF8F2A80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4020-190-0x00007FF8F2A70000-0x00007FF8F2A80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4020-191-0x00007FF9329F0000-0x00007FF932BE5000-memory.dmp

    Filesize

    2.0MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.