Analysis

  • max time kernel
    0s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/12/2023, 05:26

General

  • Target

    关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.xls
    (Chinese: the folder name reads "Notice on publishing the award results of the 4th Fujian Province Student Standard Chinese Character Writing Competition"; the workbook name begins with the provincial education document number "闽教语〔2012", and its remaining characters are mis-encoded in the report)

  • Size

    179KB

  • MD5

    a6a56ef29389ea5789f034accaa35815

  • SHA1

    d02a46a901747df25e1e07caff2ac7c30eafbfbb

  • SHA256

    b0b23e4a730b88b76c7302832debb8d4497814a3d29e2ca5a75c72e8596a1eaa

  • SHA512

    0271c9cb97fb37df385fb62ebb612f4e158aa6f92a8dd2fcc2999df0826255c2b9928412d4dd2d3c4915aa3dbccef6b2e8463657974a5093c838f07906eb53f0

  • SSDEEP

    3072:/gGWfXwUzaGMHMmYwizP2jcc0lbxOrt2AJtXwov:mkH8f2

Score
10/10

Malware Config

Signatures

  • Process spawned unexpected child process (3 IoCs)

    This typically indicates the parent process was compromised via an exploit or macro. Here the parent is EXCEL.EXE (PID 2560), launched with the /dde switch to open the submitted workbook, and the three children are cmd.exe instances (PIDs 1292, 1264 and 2944) running RD, Del and attrib -S -h against C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS. XLSTART is the folder whose workbooks Excel opens automatically at every start, so a workbook kept there with the system and hidden attributes set is a persistence location; clearing those attributes first matters because Del does not remove hidden or system files unless /A is given, and RD /S /Q covers the case where K4.XLS is a directory rather than a file.

  • Modifies Internet Explorer settings (1 TTP, 2 IoCs)
  • Views/modifies file attributes (1 TTP, 1 IoC)

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (PID 2560)
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知\闽教语〔2012��.xls
    • Modifies Internet Explorer settings
    • C:\Windows\SysWOW64\cmd.exe (PID 1292, child of 2560)
      C:\Windows\system32\cmd.exe /c RD /S /Q "C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"
      • Process spawned unexpected child process
    • C:\Windows\SysWOW64\cmd.exe (PID 1264, child of 2560)
      C:\Windows\system32\cmd.exe /c Del /F /Q "C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"
      • Process spawned unexpected child process
    • C:\Windows\SysWOW64\cmd.exe (PID 2944, child of 2560)
      C:\Windows\system32\cmd.exe /c attrib -S -h "C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"
      • Process spawned unexpected child process
  • C:\Windows\SysWOW64\attrib.exe (PID 2052; the sandbox lists it as a separate root, but its command line is the one passed to cmd.exe PID 2944)
    attrib -S -h "C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"
    • Views/modifies file attributes
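The parent/child relationships in the tree above are what a process-creation detection should key on. The following is an added example and is not part of the tria.ge report or of any tool it uses: it flags command shells (and attrib.exe) whose ancestry leads back to an Office application, walking more than one level so that a grandchild such as attrib.exe is still attributed to EXCEL.EXE, and extracts any XLSTART path from their command lines. The events are constructed by hand to mirror this report's tree; the event field names, the parents of explorer.exe, EXCEL.EXE and attrib.exe, the benign cmd.exe (PID 3100) and the abbreviated document path "<sample>.xls" are assumptions, not values taken from the report.

```python
"""Flag command shells (and attrib.exe) whose ancestry leads back to an Office
application, and pull any Excel XLSTART path out of their command lines.

Added example, not code from the tria.ge report. The event schema
(pid, ppid, image, cmdline) is an assumed normalised form of process-creation
telemetry, and the sample events are constructed to mirror the report's tree.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

OFFICE_IMAGES = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe", "msaccess.exe"}
# Children an Office application has no normal reason to spawn from a user document.
SUSPECT_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                    "cscript.exe", "mshta.exe", "attrib.exe"}

# Excel opens every workbook in XLSTART at startup, so a path there is worth
# extracting as an indicator. Matches a drive-letter path that contains
# \Excel\XLSTART\ and runs up to the next double quote or end of line.
XLSTART_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\\Excel\\XLSTART\\[^"\r\n]+)', re.IGNORECASE)


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


def basename(path: str) -> str:
    """Lower-cased file name of an image path (either separator accepted)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def office_ancestor(ev: ProcEvent, by_pid: Dict[int, ProcEvent],
                    max_depth: int = 4) -> Optional[ProcEvent]:
    """Walk up the parent chain and return the first Office process, if any.

    Walking more than one level matters: attrib.exe in this report is a
    grandchild of EXCEL.EXE (via cmd.exe), and a parent-only rule misses it.
    """
    cur = ev
    for _ in range(max_depth):
        cur = by_pid.get(cur.ppid)
        if cur is None:
            return None
        if basename(cur.image) in OFFICE_IMAGES:
            return cur
    return None


def find_office_spawned(events: List[ProcEvent]) -> List[dict]:
    """Return one hit per suspect process that descends from an Office process."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        if basename(e.image) not in SUSPECT_CHILDREN:
            continue
        office = office_ancestor(e, by_pid)
        if office is None:
            continue
        m = XLSTART_RE.search(e.cmdline)
        hits.append({
            "child_pid": e.pid,
            "child": basename(e.image),
            "office_pid": office.pid,
            "office": basename(office.image),
            "cmdline": e.cmdline,
            "xlstart_path": m.group(1) if m else None,
        })
    return hits


def xlstart_files(hits: List[dict]) -> set:
    """Distinct XLSTART paths referenced by the flagged command lines."""
    return {h["xlstart_path"] for h in hits if h["xlstart_path"]}


K4 = r'C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS'

# Constructed from the report's process tree. The parents of explorer.exe,
# EXCEL.EXE and attrib.exe, the benign cmd.exe (PID 3100) and the abbreviated
# "<sample>.xls" document path are assumptions, not values from the report.
SAMPLE_EVENTS = [
    ProcEvent(1000, 900, r'C:\Windows\explorer.exe', 'explorer.exe'),
    ProcEvent(2560, 1000, r'C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE',
              r'"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\<sample>.xls'),
    ProcEvent(1292, 2560, r'C:\Windows\SysWOW64\cmd.exe',
              r'C:\Windows\system32\cmd.exe /c RD /S /Q "' + K4 + '"'),
    ProcEvent(1264, 2560, r'C:\Windows\SysWOW64\cmd.exe',
              r'C:\Windows\system32\cmd.exe /c Del /F /Q "' + K4 + '"'),
    ProcEvent(2944, 2560, r'C:\Windows\SysWOW64\cmd.exe',
              r'C:\Windows\system32\cmd.exe /c attrib -S -h "' + K4 + '"'),
    ProcEvent(2052, 2944, r'C:\Windows\SysWOW64\attrib.exe', 'attrib -S -h "' + K4 + '"'),
    ProcEvent(3100, 1000, r'C:\Windows\System32\cmd.exe', r'C:\Windows\system32\cmd.exe /c dir'),
]

if __name__ == "__main__":
    for h in find_office_spawned(SAMPLE_EVENTS):
        print(f'{h["office"]}[{h["office_pid"]}] -> {h["child"]}[{h["child_pid"]}]: {h["xlstart_path"]}')
```

Run against the constructed events, the four processes that descend from EXCEL.EXE (the three cmd.exe children and attrib.exe) are reported and all resolve to the same XLSTART path, while the cmd.exe started from explorer.exe is not flagged. The ancestry walk is capped at a few levels to keep a long-lived shell from being blamed on an Office process far up its tree.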

Network

MITRE ATT&CK Enterprise v15

Downloads

  All dumps are from EXCEL.EXE (PID 2560); names follow memory/<PID>-<index>-<start>-<end>-memory.dmp.

  • memory/2560-1-0x0000000072A4D000-0x0000000072A58000-memory.dmp (44KB)
  • memory/2560-0-0x000000005FFF0000-0x0000000060000000-memory.dmp (64KB)
  • memory/2560-6-0x0000000006350000-0x0000000006450000-memory.dmp (1024KB)
  • memory/2560-32-0x0000000006350000-0x0000000006450000-memory.dmp (1024KB)
  • memory/2560-34-0x0000000006350000-0x0000000006450000-memory.dmp (1024KB)
  • memory/2560-77-0x0000000006350000-0x0000000006450000-memory.dmp (1024KB)
  • memory/2560-121-0x0000000006350000-0x0000000006450000-memory.dmp (1024KB)
  • memory/2560-123-0x0000000006350000-0x0000000006450000-memory.dmp (1024KB)
  • memory/2560-169-0x0000000006350000-0x0000000006450000-memory.dmp (1024KB)
  • memory/2560-213-0x0000000006350000-0x0000000006450000-memory.dmp (1024KB)
  • memory/2560-215-0x0000000006350000-0x0000000006450000-memory.dmp (1024KB)
  • memory/2560-247-0x0000000006350000-0x0000000006450000-memory.dmp (1024KB)
  • memory/2560-249-0x0000000006350000-0x0000000006450000-memory.dmp (1024KB)
  • memory/2560-271-0x0000000006350000-0x0000000006450000-memory.dmp (1024KB)
  • memory/2560-296-0x0000000006350000-0x0000000006450000-memory.dmp (1024KB)
  • memory/2560-337-0x0000000006350000-0x0000000006450000-memory.dmp (1024KB)
  • memory/2560-336-0x0000000072A4D000-0x0000000072A58000-memory.dmp (44KB)
  • memory/2560-168-0x0000000006350000-0x0000000006450000-memory.dmp (1024KB)
  • memory/2560-342-0x0000000006350000-0x0000000006450000-memory.dmp (1024KB)
  • memory/2560-343-0x0000000006350000-0x0000000006450000-memory.dmp (1024KB)
  • memory/2560-344-0x0000000006350000-0x0000000006450000-memory.dmp (1024KB)
  • memory/2560-345-0x0000000006350000-0x0000000006450000-memory.dmp (1024KB)
  • memory/2560-346-0x0000000006350000-0x0000000006450000-memory.dmp (1024KB)
  • memory/2560-347-0x0000000006350000-0x0000000006450000-memory.dmp (1024KB)
  • memory/2560-349-0x0000000006350000-0x0000000006450000-memory.dmp (1024KB)
  • memory/2560-348-0x0000000006350000-0x0000000006450000-memory.dmp (1024KB)
  • memory/2560-350-0x0000000006350000-0x0000000006450000-memory.dmp (1024KB)
  • memory/2560-351-0x0000000006350000-0x0000000006450000-memory.dmp (1024KB)
  • memory/2560-352-0x0000000006350000-0x0000000006450000-memory.dmp (1024KB)
  • memory/2560-355-0x000000005FFF0000-0x0000000060000000-memory.dmp (64KB)
  • memory/2560-356-0x0000000072A4D000-0x0000000072A58000-memory.dmp (44KB)