Analysis
- max time kernel: 142s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20231023-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07/11/2023, 13:29
Static task: static1
Behavioral task: behavioral1
- Sample: b8b1f3adc0f675a882a0c90c94f82a09.doc
- Resource: win7-20231025-en
Behavioral task: behavioral2
- Sample: b8b1f3adc0f675a882a0c90c94f82a09.doc
- Resource: win10v2004-20231023-en
General
- Target: b8b1f3adc0f675a882a0c90c94f82a09.doc
- Size: 108KB
- MD5: b8b1f3adc0f675a882a0c90c94f82a09
- SHA1: 56efabb99dd9d36533dfe4ce639e999ef27bab70
- SHA256: b0b550b91beb480ff953d293f2457bd085e8bd22d7f1431b5fd68954063325b9
- SHA512: c03892727c4322ecadd91bce779ee14acf04a7f1a73a54b24dc5b2c07d6c75dcbfceded5dd6e80c630136a144e9526dea6a8382dddf2e64b924586bc3a81036b
- SSDEEP: 1536:2kEO6A/AGMXXA8oRN921St+TlcxtFDHskDDY3:L/AGMXwXNS
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE
- Suspicious behavior: AddClipboardFormatListener (2 IoCs)
  pid | Process
  4316 | WINWORD.EXE
- Suspicious use of SetWindowsHookEx (12 IoCs)
  pid | Process
  4316 | WINWORD.EXE
Processes
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\b8b1f3adc0f675a882a0c90c94f82a09.doc" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4316