Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/11/2023, 15:56

General

  • Target

    e899940918028dddbf5018a337e38b32b9bd71f874e6b49793d9aa04033b900d.docx

  • Size

    2.9MB

  • MD5

    ee33d715757bf6775552baef88e3ea48

  • SHA1

    78f24fd031ea774987fd46abbb62c8886a2e1248

  • SHA256

    e899940918028dddbf5018a337e38b32b9bd71f874e6b49793d9aa04033b900d

  • SHA512

    d9c83329e9c6f44f8abee619263539e46a9596810174903b5e4b6b8a3a8a81b1bbe00d1a13da6dae310cd036de01ff0c93bde9fbce6b1a49077bbeee200efe41

  • SSDEEP

    49152:eLQxhOizn7T+ZcRc+FAr4UQqHW9AMHgoxwLm7lm+Sc8C460REZZZKP1LglEuf81/:eshFH+Zcc+OMUnHW5gox0m8+Sc8h69Wp

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\e899940918028dddbf5018a337e38b32b9bd71f874e6b49793d9aa04033b900d.docx"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2212
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2676

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7DD8A8D4.emf

      Filesize

      10KB

      MD5

      35e37e283a539fb5c1bd1995599b9730

      SHA1

      7a0ad64f7937c8d22c937873aa28445a10cd5099

      SHA256

      2dde6fe5744469a8acacfa4908c9b69afe2fee9df66240f642ea88e71cb45339

      SHA512

      b99e2a7866b9503b437cf97e11913a957e2529d696d8a2e936fc1aa6709898231943625b15db12c284e9e5a28060958ea0acb70987214f9a43f3c69837fbb37a

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm

      Filesize

      20KB

      MD5

      fef63f32ae46a4554968bcff27173363

      SHA1

      9ebef956bdc86ab2369e4a4382603eb5ca84d736

      SHA256

      d5d575b3ca9f2cfcf227439cb8b8b0f54efbfea0c5ca2812e04c504ff668ca67

      SHA512

      1769fe53476fa81d63360c84b0211630288f953a67152d9af3ec45b574439b8ef32f635a1f743efacc276507bbf5a8a50abe8600e11a473798847ee79548b436

    • memory/2212-0-0x000000002F411000-0x000000002F412000-memory.dmp

      Filesize

      4KB

    • memory/2212-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

    • memory/2212-2-0x0000000070FFD000-0x0000000071008000-memory.dmp

      Filesize

      44KB

    • memory/2212-20-0x0000000070FFD000-0x0000000071008000-memory.dmp

      Filesize

      44KB

    • memory/2212-41-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

    • memory/2212-44-0x0000000070FFD000-0x0000000071008000-memory.dmp

      Filesize

      44KB