Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
132s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system -
submitted
25/08/2023, 18:01
Static task
static1
Behavioral task
behavioral1
Sample
NEW PO LIST 02009 GREEN VALLEY.xlam
Resource
win7-20230712-en
9 signatures
150 seconds
Behavioral task
behavioral2
Sample
NEW PO LIST 02009 GREEN VALLEY.xlam
Resource
win10v2004-20230703-en
3 signatures
150 seconds
General
-
Target
NEW PO LIST 02009 GREEN VALLEY.xlam
-
Size
672KB
-
MD5
33e8fb7aa9f005ccb2e9fb681f087366
-
SHA1
b45c204899eb12874dca86cc7b4e12af7dbe5dba
-
SHA256
d300bd3ed7461b1c05c983a03ab34d07e23f8233bebab33c52631303de624c1a
-
SHA512
18750e93e945e3f850d314ab5c3f6eebeccf3c552b6da0fb5b195f17e6cdef96521535475c8a912ab8da570fc78228b7601dbe99ff4cff9853bb2f51a03e9d1e
-
SSDEEP
12288:d0dNkjFUgZAurY/a93VUmy8GQxMi4T+0J852WWqoq7lHoyPm3MywDcTYIj1CsB:2Eb0mycMiY+yI2WWylHo0mhYW19B
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 2660 EXCEL.EXE -
Suspicious use of FindShellTrayWindow 2 IoCs
pid Process 2660 EXCEL.EXE 2660 EXCEL.EXE -
Suspicious use of SetWindowsHookEx 8 IoCs
pid Process 2660 EXCEL.EXE 2660 EXCEL.EXE 2660 EXCEL.EXE 2660 EXCEL.EXE 2660 EXCEL.EXE 2660 EXCEL.EXE 2660 EXCEL.EXE 2660 EXCEL.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\NEW PO LIST 02009 GREEN VALLEY.xlam"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2660