Analysis
max time kernel
149s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags
arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
submitted
12/10/2023, 10:48
Static task
static1
Behavioral task
behavioral1
Sample
ef0846660b1a9c6eda71db9bcde56b68.xlsx
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
ef0846660b1a9c6eda71db9bcde56b68.xlsx
Resource
win10v2004-20230915-en
General
Target
ef0846660b1a9c6eda71db9bcde56b68.xlsx
Size
8KB
MD5
ef0846660b1a9c6eda71db9bcde56b68
SHA1
2a8031b44a6532bf4a41ca6958a0130da826bc1e
SHA256
7243afee07e3d97aa7665aeec58575e671fa2349c56196827dcc8189da78e9f5
SHA512
708a60775386cef0aa6c49bf972cc28f1626b1b54190d5bf58df6bd4c91024668fe9d4704e6c9aac87892fe6ef81cc7c85ad64704eadf5dc9eb25d44080047ad
SSDEEP
192:HDP1tByOVsvqQOWvXvMPX0/HjzjBZ/pA0OZTYuJZ5BKp4AN9/s3TwER:HDP1tVsy7WvXvCO11nuJZ5BKp4AN9/sJ
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
Suspicious behavior: AddClipboardFormatListener (1 IoCs)
pid | Process
3504 | EXCEL.EXE
Suspicious use of SetWindowsHookEx (15 IoCs)
pid | Process
3504 | EXCEL.EXE (listed 15 times)
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\ef0846660b1a9c6eda71db9bcde56b68.xlsx"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3504