Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

Combine St...x.nztt

windows7-x64

3

Combine St...x.nztt

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230831-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/09/2023, 10:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Combine Stock as on 31032017.xlsx.nztt

  • Size

    21KB

  • MD5

    2a509f5c5af3b9e3776ee5980596f2f3

  • SHA1

    9c580c3917616831a86681f342a054d377ae63ca

  • SHA256

    c57874bd743b57f73d8aaefa042428012ce07353eea1a500883df4b63a0d144d

  • SHA512

    53533adff8229dc561d415815ebe7ee376a6e3dffa6fe69fa2fed84b11d3ec8da93dc854c879b822bcdc65e6b8f591bf21441d02895b8fc7e02e37dd3c0c8826

  • SSDEEP

    384:C6HPYaErW9viD515nbwTK42UiX90B2lu7yzV4S8upgjXsCWgRv+OJWMynurQRhaw:C6HPYc2tnbG2UiXMnUm1EgRLMMRU6O

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 61 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 49 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Combine Stock as on 31032017.xlsx.nztt"
    1⤵
    • Modifies registry class
    PID:3264
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2304
  • C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:5084

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/5084-0-0x00007FFB9A6D0000-0x00007FFB9A6E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5084-1-0x00007FFBDA650000-0x00007FFBDA845000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5084-2-0x00007FFBDA650000-0x00007FFBDA845000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5084-4-0x00007FFB9A6D0000-0x00007FFB9A6E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5084-3-0x00007FFB9A6D0000-0x00007FFB9A6E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5084-6-0x00007FFB9A6D0000-0x00007FFB9A6E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5084-5-0x00007FFBDA650000-0x00007FFBDA845000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5084-7-0x00007FFBDA650000-0x00007FFBDA845000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5084-8-0x00007FFB9A6D0000-0x00007FFB9A6E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5084-9-0x00007FFBDA650000-0x00007FFBDA845000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5084-10-0x00007FFBDA650000-0x00007FFBDA845000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5084-11-0x00007FFBDA650000-0x00007FFBDA845000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5084-12-0x00007FFBDA650000-0x00007FFBDA845000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5084-13-0x00007FFBDA650000-0x00007FFBDA845000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5084-14-0x00007FFBDA650000-0x00007FFBDA845000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5084-15-0x00007FFBDA650000-0x00007FFBDA845000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5084-16-0x00007FFB984E0000-0x00007FFB984F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5084-17-0x00007FFB984E0000-0x00007FFB984F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5084-21-0x00007FFBDA650000-0x00007FFBDA845000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5084-22-0x00007FFBDA650000-0x00007FFBDA845000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5084-23-0x00007FFBDA650000-0x00007FFBDA845000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5084-24-0x00007FFBDA650000-0x00007FFBDA845000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5084-25-0x00007FFBDA650000-0x00007FFBDA845000-memory.dmp

    Filesize

    2.0MB

    Download