Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

Sin título.rtf

windows7-x64

4

Sin título.rtf

windows10-2004-x64

1

Analysis

  • max time kernel
    110s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    13/10/2023, 21:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Sin título.rtf

  • Size

    593B

  • MD5

    d78471dd62328c25f6be29618b2fe247

  • SHA1

    a49896d5e86d83c656dbd4d36a2c4e410d170ef7

  • SHA256

    b0cbab17353c1a99bd21ebe079fd7ed15c75fbc2b84c918c3a988e5776c2dcd7

  • SHA512

    eb24ea9636ecb9d87fc7bb4264b7f7de58f78092b82783b6988a609639af07056388fb8b193585224de38223f11918d246110e46b0656868d23a756fb008b619

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Sin título.rtf"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1460
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2648

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
      Filesize

      20KB

      MD5

      9e1c9ac4528c57f44944577328d765ea

      SHA1

      00bdf0570319da0f3164753619072c422cf4cf10

      SHA256

      5a5d94fe0fc71cfb07cc1287381d7d0108afdd0d3bb66a779fe60273835c7057

      SHA512

      d6da9b874f839d030209b3d5f83fc4dd88b57e5762cb850af70bcffd1adadbbc25ebe6197f83dc041bc4aa7e4f5b19c8c1c47e0f27847dcedc05d6ae59881365

      Download Submit

    • memory/1460-0-0x000000002F2F1000-0x000000002F2F2000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1460-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1460-2-0x0000000070DBD000-0x0000000070DC8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1460-11-0x0000000070DBD000-0x0000000070DC8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1460-29-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1460-30-0x0000000070DBD000-0x0000000070DC8000-memory.dmp

      Filesize

      44KB

      Download