Overview
Task | Platform | Score
overview | - | 10
static | - | 8
关于公�...�2.doc | windows7-x64 | 4
关于公�...�2.doc | windows10-2004-x64 | 1
关于公�...��.doc | windows7-x64 | 4
关于公�...��.doc | windows10-2004-x64 | 1
关于公�...��.xls | windows7-x64 | 10
关于公�...��.xls | windows10-2004-x64 | 10
关于公�...��.xls | windows7-x64 | 10
关于公�...��.xls | windows10-2004-x64 | 10
关于公�...�3.doc | windows7-x64 | 1
关于公�...�3.doc | windows10-2004-x64 | 1
Analysis
max time kernel: 0s
max time network: 121s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 31/12/2023, 05:26
Behavioral task
behavioral1
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语8号附件2.doc
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语8号附件2.doc
Resource
win10v2004-20231222-en
Behavioral task
behavioral3
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.doc
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.doc
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.xls
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.xls
Resource
win10v2004-20231215-en
Behavioral task
behavioral7
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.xls
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.xls
Resource
win10v2004-20231215-en
Behavioral task
behavioral9
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012〕8号附件3.doc
Resource
win7-20231215-en
Behavioral task
behavioral10
Sample
关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012〕8号附件3.doc
Resource
win10v2004-20231215-en
General
Target: 关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.xls
Size: 177KB
MD5: 805fe34e59243792982b60666b659b85
SHA1: c01a28323b9202d9ff3952e67c7122e9b728ca67
SHA256: 32a530c39b66376786e4921752321abca3ba5896f12d9e9089de1c41769472e0
SHA512: e297ee1e1fe7c48f2091056f2c9c4afb9750bb113edc3af38b9fa5b6857d22d5946464eccc462af78b4db930789ec09420affdf1de86c850c794ab4a89a58087
SSDEEP: 3072:8oO1dom5Iab6FoRbvic6H4I2jcc0lbxOrB2AJtXwRGx:vCGFo1GF2
Malware Config
Signatures
Process spawned unexpected child process (3 IoCs)
This typically indicates the parent process was compromised via an exploit or macro.
description | pid | pid_target | Process | procid_target
Parent C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE is not expected to spawn this process | 2432 | 1684 | cmd.exe | 14
Parent C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE is not expected to spawn this process | 2516 | 1684 | cmd.exe | 14
Parent C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE is not expected to spawn this process | 1332 | 1684 | cmd.exe | 14
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar | EXCEL.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" | EXCEL.EXE
Views/modifies file attributes (1 TTPs, 1 IoCs)
pid | Process
2016 | attrib.exe
Processes
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
Command line: "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知\闽教语〔2012��.xls
- Modifies Internet Explorer settings
PID: 1684
    C:\Windows\SysWOW64\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c RD /S /Q "C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"
    - Process spawned unexpected child process
    PID: 2432
    C:\Windows\SysWOW64\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c Del /F /Q "C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"
    - Process spawned unexpected child process
    PID: 2516
    C:\Windows\SysWOW64\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c attrib -S -h "C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"
    - Process spawned unexpected child process
    PID: 1332
C:\Windows\SysWOW64\attrib.exe
Command line: attrib -S -h "C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"
- Views/modifies file attributes
PID: 2016