Analysis
max time kernel: 138s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20231023-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/10/2023, 18:30
Behavioral task
behavioral1
Sample
word/vbaProject.doc
Resource
win7-20231023-en
6 signatures
150 seconds
Behavioral task
behavioral2
Sample
word/vbaProject.doc
Resource
win10v2004-20231023-en
4 signatures
150 seconds
General
Target: word/vbaProject.doc
Size: 21KB
MD5: d8cc82a6e1de1c8b4548c9c61283f2ee
SHA1: 85c0f3e4cab1b13f1bc233da6cbc01327f81e6ee
SHA256: b3720afa10751b13fe303c2ec6da77612effc0b0c540526fd30d7ea069c47045
SHA512: ec7d733ec07a19fb5e3e84df91c11de11b8e842584b6d26fdff7236525ea43a99a2121177b9bec04869a0d46ee35fc696e251fbdfcc86c9af344c79898e6030c
SSDEEP: 384:oTR/jsnwuyHeijOiWDl50jWOtnHkFeFa+Bq:O7ObD32HkFeFa+Bq
Score
1/10
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener (2 IoCs)
pid | Process
2212 | WINWORD.EXE
2212 | WINWORD.EXE

Suspicious use of SetWindowsHookEx (19 IoCs)
pid | Process
2212 | WINWORD.EXE (19 identical entries)
Processes
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\word\vbaProject.doc" /o ""
PID: 2212
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx