Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

4de715cc8e...C.xlam

windows7-x64

10

4de715cc8e...C.xlam

windows10-2004-x64

1

Analysis

  • max time kernel
    136s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230824-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230824-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/08/2023, 14:28 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4de715cc8efe759c913068845833cf69bc46e3ab96ce6ee9a005468638b4415a_JC.xlam

  • Size

    599KB

  • MD5

    f383adacdac479322a5c37c90edf8162

  • SHA1

    d3bf7075832e55aabe76f5256d58bb45f18f9704

  • SHA256

    4de715cc8efe759c913068845833cf69bc46e3ab96ce6ee9a005468638b4415a

  • SHA512

    0f73a5b978e3f27a43abd1bb2a3bc6a9ae04a11c5ac98ed180c60f31416080a49f0c0d194eb0bc14c0db9585e382cd4e7e471647bbc62a9d9e6ff570bebae481

  • SSDEEP

    12288:EEnW3raLk/10xzHtsYpjRLh4Oj0zkRaFwGy5OQPF5EGfeKLRh:NZXFOYpjh+I0gR/MQP3Jfeo

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\4de715cc8efe759c913068845833cf69bc46e3ab96ce6ee9a005468638b4415a_JC.xlam"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2592

Network

  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    73.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.154.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.154.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41deploystaticakamaitechnologiescom
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    168.117.168.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    168.117.168.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    1.208.79.178.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    1.208.79.178.in-addr.arpa
    IN PTR
    Response
    1.208.79.178.in-addr.arpa
    IN PTR
    https-178-79-208-1amsllnwnet
  • flag-us
    DNS
    123.10.44.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    123.10.44.20.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    73.31.126.40.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    73.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    241.154.82.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    241.154.82.20.in-addr.arpa

  • 8.8.8.8:53
    41.110.16.96.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    41.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    168.117.168.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    168.117.168.52.in-addr.arpa

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    1.208.79.178.in-addr.arpa
    dns
    71 B
     116 B
     1
    1

    DNS Request

    1.208.79.178.in-addr.arpa

  • 8.8.8.8:53
    123.10.44.20.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    123.10.44.20.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2592-1-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-0-0x00007FFFB6E90000-0x00007FFFB6EA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2592-2-0x00007FFFB6E90000-0x00007FFFB6EA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2592-5-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-4-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-3-0x00007FFFB6E90000-0x00007FFFB6EA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2592-7-0x00007FFFB6E90000-0x00007FFFB6EA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2592-8-0x00007FFFB6E90000-0x00007FFFB6EA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2592-9-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-6-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-10-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-11-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-12-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-13-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-14-0x00007FFFB4690000-0x00007FFFB46A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2592-15-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-16-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-17-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-18-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-19-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-21-0x00007FFFB4690000-0x00007FFFB46A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2592-22-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-23-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-24-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-25-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-26-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-27-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-28-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-29-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-30-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-31-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-32-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-33-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-34-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-35-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-36-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-37-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-38-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-56-0x00007FFFB6E90000-0x00007FFFB6EA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2592-58-0x00007FFFB6E90000-0x00007FFFB6EA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2592-57-0x00007FFFB6E90000-0x00007FFFB6EA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2592-59-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-60-0x00007FFFB6E90000-0x00007FFFB6EA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2592-61-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-62-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2592-63-0x00007FFFF6E10000-0x00007FFFF7005000-memory.dmp

    Filesize

    2.0MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.