Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

NEAS.20728...4d.xls

windows7-x64

10

NEAS.20728...4d.xls

windows10-2004-x64

1

Analysis

  • max time kernel
    5s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/11/2023, 08:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NEAS.20728d460c5c42cbd40ad4c4bcffa85013f4763501b561acccf23d76c871894d.xls

  • Size

    938KB

  • MD5

    b6e5689997ab86f037c75abe3478ed5d

  • SHA1

    8f274288e21c4907690c0925e9a4fd44293cf3af

  • SHA256

    20728d460c5c42cbd40ad4c4bcffa85013f4763501b561acccf23d76c871894d

  • SHA512

    44a4dd6dbad49bf2ef26259d9e82711a23badae938e891103f24eb2ed9fa37749ef5434807bed1728419a10a71409c02465415f434aece6c7f976b314a55d123

  • SSDEEP

    24576:g/BHw6/BZy83bVmEgTIZ3v5bJvuwAYyv4OL5udmwNx:D6/rt3bVm7TGRVvuwcQO1ni

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\NEAS.20728d460c5c42cbd40ad4c4bcffa85013f4763501b561acccf23d76c871894d.xls"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:3308

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\6C77C1A2.emf
    Filesize

    1.4MB

    MD5

    51abd2269e975009d94359d0f494ea5c

    SHA1

    991dfd541fb079b2c56e9ae44320e202b451e2bf

    SHA256

    bb32f5d0bd59d3e5ff66174d3016f510f027b51854a9fa954b94f9f20986f593

    SHA512

    65a0327baca080eda6a20240afdd2ed8680551a92de229eb9730bab7b04e4d8483f4de2be2e5acf4b4a7c8ddf57459320dd6e1d449c70c7c61d8ae04d6a4825b

    Download Submit

  • memory/3308-14-0x00007FF889090000-0x00007FF889285000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3308-21-0x00007FF889090000-0x00007FF889285000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3308-2-0x00007FF849110000-0x00007FF849120000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3308-6-0x00007FF849110000-0x00007FF849120000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3308-4-0x00007FF849110000-0x00007FF849120000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3308-5-0x00007FF889090000-0x00007FF889285000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3308-7-0x00007FF889090000-0x00007FF889285000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3308-8-0x00007FF889090000-0x00007FF889285000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3308-10-0x00007FF889090000-0x00007FF889285000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3308-9-0x00007FF889090000-0x00007FF889285000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3308-11-0x00007FF889090000-0x00007FF889285000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3308-13-0x00007FF846B60000-0x00007FF846B70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3308-12-0x00007FF889090000-0x00007FF889285000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3308-0-0x00007FF849110000-0x00007FF849120000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3308-3-0x00007FF889090000-0x00007FF889285000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3308-15-0x00007FF889090000-0x00007FF889285000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3308-23-0x00007FF889090000-0x00007FF889285000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3308-18-0x00007FF889090000-0x00007FF889285000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3308-19-0x00007FF846B60000-0x00007FF846B70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3308-20-0x00007FF889090000-0x00007FF889285000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3308-16-0x00007FF889090000-0x00007FF889285000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3308-22-0x00007FF889090000-0x00007FF889285000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3308-17-0x00007FF889090000-0x00007FF889285000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3308-39-0x00007FF889090000-0x00007FF889285000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3308-1-0x00007FF849110000-0x00007FF849120000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3308-75-0x00007FF889090000-0x00007FF889285000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3308-74-0x00007FF849110000-0x00007FF849120000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3308-73-0x00007FF849110000-0x00007FF849120000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3308-72-0x00007FF849110000-0x00007FF849120000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3308-71-0x00007FF849110000-0x00007FF849120000-memory.dmp

    Filesize

    64KB

    Download