Analysis
- max time kernel: 150s
- max time network: 132s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 31/12/2023, 02:57
Static task: static1
Behavioral task: behavioral1
- Sample: 256dcb7c07bcc4d59f0a6b631849a50a.doc
- Resource: win7-20231215-en
- 3 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 256dcb7c07bcc4d59f0a6b631849a50a.doc
- Resource: win10v2004-20231215-en
- 4 signatures
- 150 seconds
General
- Target: 256dcb7c07bcc4d59f0a6b631849a50a.doc
- Size: 9KB
- MD5: 256dcb7c07bcc4d59f0a6b631849a50a
- SHA1: 67c9ad8be0eb4c3e5405ff954d1734a2696b60ff
- SHA256: 587a7b7169b3d2571df0cb8a12d4afdb7f5237d81f0046bf458a2a1508925ad8
- SHA512: d5d6c3d1751d2323de56361be2d978a990e15a49b9988dcf8feaf6cd4391a749e13ad3ee74eccb3d2228343cc2ec949b8f2c129099225d256002c3eb72969950
- SSDEEP: 96:G8kUIa8qiq057FG1voqe3eJbOcEoSV+r9/lNNo/UP1m4maoQJBwG:Grao57mK3DRLVSF1oUP61G
Score: 1/10
Malware Config
Signatures
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" | WINWORD.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" | WINWORD.EXE
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\MenuExt | WINWORD.EXE
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote | WINWORD.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" | WINWORD.EXE
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar | WINWORD.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" | WINWORD.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55" | WINWORD.EXE
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel | WINWORD.EXE
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid | Process
2520 | WINWORD.EXE
Suspicious use of SetWindowsHookEx 21 IoCs
pid | Process
2520 | WINWORD.EXE (21 identical entries)
Processes
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
Command line: "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\256dcb7c07bcc4d59f0a6b631849a50a.doc"
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID: 2520