Analysis
max time kernel: 0s
max time network: 120s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 31/12/2023, 05:26
Behavioral task
behavioral1
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语8号附件2.doc
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语8号附件2.doc
Resource
win10v2004-20231222-en
Behavioral task
behavioral3
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.doc
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.doc
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.xls
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.xls
Resource
win10v2004-20231215-en
Behavioral task
behavioral7
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.xls
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.xls
Resource
win10v2004-20231215-en
Behavioral task
behavioral9
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012〕8号附件3.doc
Resource
win7-20231215-en
Behavioral task
behavioral10
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012〕8号附件3.doc
Resource
win10v2004-20231215-en
General
Target: 关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.xls
Size: 179KB
MD5: a6a56ef29389ea5789f034accaa35815
SHA1: d02a46a901747df25e1e07caff2ac7c30eafbfbb
SHA256: b0b23e4a730b88b76c7302832debb8d4497814a3d29e2ca5a75c72e8596a1eaa
SHA512: 0271c9cb97fb37df385fb62ebb612f4e158aa6f92a8dd2fcc2999df0826255c2b9928412d4dd2d3c4915aa3dbccef6b2e8463657974a5093c838f07906eb53f0
SSDEEP: 3072:/gGWfXwUzaGMHMmYwizP2jcc0lbxOrt2AJtXwov:mkH8f2
Malware Config
Signatures

Process spawned unexpected child process (3 IoCs)
This typically indicates the parent process was compromised via an exploit or macro.

description | pid | pid_target | Process | procid_target
Parent C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE is not expected to spawn this process | 1292 | 2560 | cmd.exe | 14
Parent C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE is not expected to spawn this process | 1264 | 2560 | cmd.exe | 14
Parent C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE is not expected to spawn this process | 2944 | 2560 | cmd.exe | 14

description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar | EXCEL.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" | EXCEL.EXE

Views/modifies file attributes (1 TTPs, 1 IoCs)

pid | Process
2052 | attrib.exe

Processes

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
Command line: "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知\闽教语〔2012��.xls
- Modifies Internet Explorer settings
PID: 2560

C:\Windows\SysWOW64\cmd.exe
Command line: C:\Windows\system32\cmd.exe /c RD /S /Q "C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"
- Process spawned unexpected child process
PID: 1292

C:\Windows\SysWOW64\cmd.exe
Command line: C:\Windows\system32\cmd.exe /c Del /F /Q "C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"
- Process spawned unexpected child process
PID: 1264

C:\Windows\SysWOW64\cmd.exe
Command line: C:\Windows\system32\cmd.exe /c attrib -S -h "C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"
- Process spawned unexpected child process
PID: 2944

C:\Windows\SysWOW64\attrib.exe
Command line: attrib -S -h "C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"
- Views/modifies file attributes
PID: 2052