Analysis
max time kernel: 148s
max time network: 143s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31/12/2023, 02:57
Static task
static1
Behavioral task
behavioral1
Sample
256dcb7c07bcc4d59f0a6b631849a50a.doc
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
256dcb7c07bcc4d59f0a6b631849a50a.doc
Resource
win10v2004-20231215-en
General
Target: 256dcb7c07bcc4d59f0a6b631849a50a.doc
Size: 9KB
MD5: 256dcb7c07bcc4d59f0a6b631849a50a
SHA1: 67c9ad8be0eb4c3e5405ff954d1734a2696b60ff
SHA256: 587a7b7169b3d2571df0cb8a12d4afdb7f5237d81f0046bf458a2a1508925ad8
SHA512: d5d6c3d1751d2323de56361be2d978a990e15a49b9988dcf8feaf6cd4391a749e13ad3ee74eccb3d2228343cc2ec949b8f2c129099225d256002c3eb72969950
SSDEEP: 96:G8kUIa8qiq057FG1voqe3eJbOcEoSV+r9/lNNo/UP1m4maoQJBwG:Grao57mK3DRLVSF1oUP61G
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
pid | Process
4984 | WINWORD.EXE
4984 | WINWORD.EXE
-
Suspicious use of SetWindowsHookEx 20 IoCs
pid | Process
4984 | WINWORD.EXE (20 identical entries)
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\256dcb7c07bcc4d59f0a6b631849a50a.doc" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4984