
Analysis

  • max time kernel
    0s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31/12/2023, 05:26

General

  • Target

    关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.xls
    (translation: "Notice on the award results of the 4th Fujian Province Student Standard Chinese Character Handwriting Competition / Min Jiao Yu [2012]...xls"; the tail of the filename is garbled in the submission and is left as-is)

  • Size

    179KB

  • MD5

    a6a56ef29389ea5789f034accaa35815

  • SHA1

    d02a46a901747df25e1e07caff2ac7c30eafbfbb

  • SHA256

    b0b23e4a730b88b76c7302832debb8d4497814a3d29e2ca5a75c72e8596a1eaa

  • SHA512

    0271c9cb97fb37df385fb62ebb612f4e158aa6f92a8dd2fcc2999df0826255c2b9928412d4dd2d3c4915aa3dbccef6b2e8463657974a5093c838f07906eb53f0

  • SSDEEP

    3072:/gGWfXwUzaGMHMmYwizP2jcc0lbxOrt2AJtXwov:mkH8f2

Score
10/10

Malware Config

Signatures

  • Process spawned unexpected child process 3 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Views/modifies file attributes 1 TTPs 1 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知\闽教语〔2012��.xls"
    1⤵
      PID:2040
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c RD /S /Q "C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"
        2⤵
        • Process spawned unexpected child process
        PID:2424
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c Del /F /Q "C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"
        2⤵
        • Process spawned unexpected child process
        PID:212
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c attrib -S -h "C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"
        2⤵
        • Process spawned unexpected child process
        PID:2956
    • C:\Windows\system32\attrib.exe
      attrib -S -h "C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"
      1⤵
      • Views/modifies file attributes
      PID:2152
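
The process tree above shows EXCEL.EXE (PID 2040) spawning three cmd.exe children that strip the System and Hidden attributes from, and then delete, K4.XLS in the Excel XLSTART auto-start folder (an Office Application Startup location, ATT&CK T1137). The Python below is an added example, not part of the Triage report or of Hatching's own detection logic, of how a detection engineer might flag that pattern in process-creation telemetry shaped like Sysmon Event ID 1. The event records are constructed from this tree; explorer.exe as Excel's parent, the field names, the replacement document name sample.xls and the list of auto-start folder markers are assumptions of the example.

```python
"""
Added detection sketch: flag Office applications that spawn a shell and
touch an Office auto-start folder, from process-creation records shaped
like Sysmon Event ID 1 (ParentImage / Image / CommandLine / ProcessId).

Example code, not Hatching Triage's own logic. SAMPLE_EVENTS is constructed
from the process tree in this report; the parent of EXCEL.EXE (explorer.exe),
the field names and OFFICE_STARTUP_MARKERS are assumptions.
"""
import re
from dataclasses import dataclass, field

OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe", "msaccess.exe"}
SHELL_LIKE = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
              "cscript.exe", "mshta.exe", "attrib.exe"}
# Folders Office loads automatically (ATT&CK T1137, Office Application
# Startup). Matched case-insensitively as path substrings (assumed list).
OFFICE_STARTUP_MARKERS = (
    "\\microsoft\\excel\\xlstart\\",
    "\\microsoft\\word\\startup\\",
    "\\microsoft\\addins\\",
)
_QUOTED = re.compile(r'"([^"]+)"')

K4_XLS = r"C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"
EXCEL = r"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"
CMD = r"C:\Windows\system32\cmd.exe"


@dataclass
class Finding:
    pid: int
    reason: str
    paths: list = field(default_factory=list)


def _basename(image: str) -> str:
    return image.rsplit("\\", 1)[-1].lower()


def startup_paths(cmdline: str) -> list:
    """Quoted paths in cmdline that sit under an Office auto-start folder."""
    return [p for p in _QUOTED.findall(cmdline)
            if any(m in p.lower() for m in OFFICE_STARTUP_MARKERS)]


def analyze(events: list) -> list:
    """Return one Finding per suspicious process-creation record, in input order."""
    findings = []
    for ev in events:
        parent, child = _basename(ev["ParentImage"]), _basename(ev["Image"])
        paths = startup_paths(ev["CommandLine"])
        if parent in OFFICE_APPS and child in SHELL_LIKE:
            # An Office document has no business launching a shell; this is
            # the "Process spawned unexpected child process" signature.
            findings.append(Finding(ev["ProcessId"], f"{parent} spawned {child}", paths))
        elif paths:
            # Grandchildren (attrib.exe under cmd.exe) lose the Office parent,
            # so the auto-start path alone has to carry the detection.
            findings.append(Finding(ev["ProcessId"], f"{child} touched Office start-up folder", paths))
    return findings


# Constructed from the report's process tree; the document name is replaced
# with sample.xls because the original filename is garbled.
SAMPLE_EVENTS = [
    {"ProcessId": 2040, "ParentImage": r"C:\Windows\explorer.exe", "Image": EXCEL,
     "CommandLine": f'"{EXCEL}" "C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.xls"'},
    {"ProcessId": 2424, "ParentImage": EXCEL, "Image": CMD,
     "CommandLine": f'{CMD} /c RD /S /Q "{K4_XLS}"'},
    {"ProcessId": 212, "ParentImage": EXCEL, "Image": CMD,
     "CommandLine": f'{CMD} /c Del /F /Q "{K4_XLS}"'},
    {"ProcessId": 2956, "ParentImage": EXCEL, "Image": CMD,
     "CommandLine": f'{CMD} /c attrib -S -h "{K4_XLS}"'},
    {"ProcessId": 2152, "ParentImage": CMD, "Image": r"C:\Windows\system32\attrib.exe",
     "CommandLine": f'attrib -S -h "{K4_XLS}"'},
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"PID {f.pid}: {f.reason} -> {f.paths}")
```

Run against the constructed records, the script reports the three cmd.exe children (PIDs 2424, 212, 2956) on the Office-parent rule and the attrib.exe grandchild (PID 2152) on the auto-start path rule alone, while EXCEL.EXE itself, launched by explorer.exe, is not flagged. Note that deleting a file from XLSTART is as interesting as writing one: a macro cleaning up another macro's persistence is still a macro running a shell.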

    Network

    MITRE ATT&CK Enterprise v15


    Downloads

    Memory dumps of EXCEL.EXE (PID 2040). Each file is named memory/2040-<n>-<start>-<end>-memory.dmp; the same four regions were dumped repeatedly, so they are grouped here by region with the dump indices <n> listed.

    • 0x00007FF8D4330000-0x00007FF8D4340000 (Filesize 64KB): n = 0, 1, 2, 3, 5, 142, 143, 144, 145
    • 0x00007FF8D21F0000-0x00007FF8D2200000 (Filesize 64KB): n = 10, 17
    • 0x00007FF9142B0000-0x00007FF9144A5000 (Filesize 2.0MB): n = 4, 6, 7, 8, 9, 11, 12, 13, 14, 15, 16, 18, 19, 20, 21, 22, 23, 112, 116, 146
    • 0x000001AF6C690000-0x000001AF6CE90000 (Filesize 8.0MB): n = 30, 43, 47, 50, 53, 54, 55, 56, 57, 58, 66, 68, 76, 119, 120, 121, 122, 123, 124, 125, 126, 127