Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

COVERING.doc

windows7-x64

4

COVERING.doc

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    20/09/2023, 07:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    COVERING.doc

  • Size

    351KB

  • MD5

    ec2a6d3f0877860809def944731f845e

  • SHA1

    ce213f0757189ce6a39ef9b6e4344bdc55146406

  • SHA256

    ba709c69ec263ef09b599307e5ad4402e7bb8b49991a58cdc16ba21289112ac3

  • SHA512

    72f6f30a865b12430820e691b93f6cdf4563e6213e43f6c9a89f9d6dcdc6c83d96a588833209c48f1ec04d29acbeca2e11fdba871664f9af818a9fd52e690c99

  • SSDEEP

    3072:p3RvGVOqCBnVgS6nWzsmB5iBXUj51ZaPlP30tBolaG3+AsQC5RjnZJ:p3Rvhrn2S6WxHTZEf0tulqZJ

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\COVERING.doc"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1496
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2672

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
      Filesize

      20KB

      MD5

      01583abc62f3d06200089b6d4dc806c7

      SHA1

      76c3051d2969cd002853805c58db0383c260a831

      SHA256

      01efb15bc80db00160a1bb6e10392b3c9270fc572b91826fb256150161978c42

      SHA512

      4093e31d547918ecf148515330e95bd5e5fe6b6b90e6c59dcb91d02506643f781d44eaad267e82235239dd7e485553e196258817d512f774636fd8b283e6304c

      Download Submit

    • memory/1496-0-0x000000002F951000-0x000000002F952000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1496-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1496-2-0x00000000715CD000-0x00000000715D8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1496-11-0x00000000715CD000-0x00000000715D8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1496-26-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1496-27-0x00000000715CD000-0x00000000715D8000-memory.dmp

      Filesize

      44KB

      Download