Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
0s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system -
submitted
31/12/2023, 05:20
Behavioral task
behavioral1
Sample
29c892884d2978cad52c167c6b615f3f.xls
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
29c892884d2978cad52c167c6b615f3f.xls
Resource
win10v2004-20231222-en
General
-
Target
29c892884d2978cad52c167c6b615f3f.xls
-
Size
36KB
-
MD5
29c892884d2978cad52c167c6b615f3f
-
SHA1
e5a202a04cda6354c92dc278c5dd4ae391569603
-
SHA256
a20b44d3b4ffb900381b464f0aeca3a7f166eee55f18eb4d00f90c3c87349845
-
SHA512
d6a0869737e5d35bac57ccf1a02e2542a491b052a187700731306e6c0f38e440ae82b6fc80ab4eff1767556837a383a1deb8f1d2495868c96387838efca49628
-
SSDEEP
768:9PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJ1CNyB5I4k2mmt:1ok3hbdlylKsgqopeJBWhZFGkE+cL2Nk
Malware Config
Signatures
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
description pid pid_target Process procid_target Parent C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE is not expected to spawn this process 1720 2884 explorer.exe 16 -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 2884 EXCEL.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\29c892884d2978cad52c167c6b615f3f.xls"1⤵
- Suspicious use of SetWindowsHookEx
PID:2884 -
C:\Windows\explorer.exeexplorer.exe C:\Users\Public\Documents\VBBJ.vbs2⤵
- Process spawned unexpected child process
PID:1720
-
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵PID:916
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\VBBJ.vbs"2⤵PID:436
-