Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
8关于公�...�2.doc
windows7-x64
4关于公�...�2.doc
windows10-2004-x64
1关于公�...��.doc
windows7-x64
4关于公�...��.doc
windows10-2004-x64
1关于公�...��.xls
windows7-x64
10关于公�...��.xls
windows10-2004-x64
10关于公�...��.xls
windows7-x64
10关于公�...��.xls
windows10-2004-x64
10关于公�...�3.doc
windows7-x64
1关于公�...�3.doc
windows10-2004-x64
1Analysis
-
max time kernel
0s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
31/12/2023, 05:26
Behavioral task
behavioral1
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语8号附件2.doc
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语8号附件2.doc
Resource
win10v2004-20231222-en
Behavioral task
behavioral3
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.doc
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.doc
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.xls
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.xls
Resource
win10v2004-20231215-en
Behavioral task
behavioral7
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.xls
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.xls
Resource
win10v2004-20231215-en
Behavioral task
behavioral9
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012〕8号附件3.doc
Resource
win7-20231215-en
Behavioral task
behavioral10
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012〕8号附件3.doc
Resource
win10v2004-20231215-en
General
-
Target
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.xls
-
Size
179KB
-
MD5
a6a56ef29389ea5789f034accaa35815
-
SHA1
d02a46a901747df25e1e07caff2ac7c30eafbfbb
-
SHA256
b0b23e4a730b88b76c7302832debb8d4497814a3d29e2ca5a75c72e8596a1eaa
-
SHA512
0271c9cb97fb37df385fb62ebb612f4e158aa6f92a8dd2fcc2999df0826255c2b9928412d4dd2d3c4915aa3dbccef6b2e8463657974a5093c838f07906eb53f0
-
SSDEEP
3072:/gGWfXwUzaGMHMmYwizP2jcc0lbxOrt2AJtXwov:mkH8f2
Malware Config
Signatures
-
Process spawned unexpected child process 3 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
description pid pid_target Process procid_target Parent C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE is not expected to spawn this process 2424 2040 cmd.exe 16 Parent C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE is not expected to spawn this process 212 2040 cmd.exe 16 Parent C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE is not expected to spawn this process 2956 2040 cmd.exe 16 -
Views/modifies file attributes 1 TTPs 1 IoCs
pid Process 2152 attrib.exe
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知\闽教语〔2012��.xls"1⤵PID:2040
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c RD /S /Q "C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"2⤵
- Process spawned unexpected child process
PID:2424
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c Del /F /Q "C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"2⤵
- Process spawned unexpected child process
PID:212
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c attrib -S -h "C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"2⤵
- Process spawned unexpected child process
PID:2956
-
-
C:\Windows\system32\attrib.exeattrib -S -h "C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"1⤵
- Views/modifies file attributes
PID:2152