Analysis

  • max time kernel
    0s
  • max time network
    86s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31/12/2023, 05:26

General

  • Target

    关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知/闽教语〔2012��.xls

  • Size

    177KB

  • MD5

    805fe34e59243792982b60666b659b85

  • SHA1

    c01a28323b9202d9ff3952e67c7122e9b728ca67

  • SHA256

    32a530c39b66376786e4921752321abca3ba5896f12d9e9089de1c41769472e0

  • SHA512

    e297ee1e1fe7c48f2091056f2c9c4afb9750bb113edc3af38b9fa5b6857d22d5946464eccc462af78b4db930789ec09420affdf1de86c850c794ab4a89a58087

  • SSDEEP

    3072:8oO1dom5Iab6FoRbvic6H4I2jcc0lbxOrB2AJtXwRGx:vCGFo1GF2

Score
10/10

Malware Config

Signatures

  • Process spawned unexpected child process (3 IoCs)

    This typically indicates the parent process was compromised via an exploit or macro.

  • Views/modifies file attributes (1 TTP, 1 IoC)

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\关于公布第四届福建省学生规范汉字书写大赛评奖结果的通知\闽教语〔2012��.xls"
    1⤵
      PID:2536
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c RD /S /Q "C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"
        2⤵
        • Process spawned unexpected child process
        PID:1060
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c Del /F /Q "C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"
        2⤵
        • Process spawned unexpected child process
        PID:2080
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c attrib -S -h "C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"
        2⤵
        • Process spawned unexpected child process
        PID:3152
        • C:\Windows\system32\attrib.exe
          attrib -S -h "C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\K4.XLS"
          3⤵
          • Views/modifies file attributes
          PID:1204

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2536-2-0x00007FFE192F0000-0x00007FFE19300000-memory.dmp (Filesize 64KB)
  • memory/2536-5-0x00007FFE59270000-0x00007FFE59465000-memory.dmp (Filesize 2.0MB)
  • memory/2536-7-0x00007FFE16B80000-0x00007FFE16B90000-memory.dmp (Filesize 64KB)
  • memory/2536-9-0x00007FFE59270000-0x00007FFE59465000-memory.dmp (Filesize 2.0MB)
  • memory/2536-11-0x00007FFE16B80000-0x00007FFE16B90000-memory.dmp (Filesize 64KB)
  • memory/2536-13-0x00007FFE59270000-0x00007FFE59465000-memory.dmp (Filesize 2.0MB)
  • memory/2536-17-0x00007FFE59270000-0x00007FFE59465000-memory.dmp (Filesize 2.0MB)
  • memory/2536-18-0x00007FFE59270000-0x00007FFE59465000-memory.dmp (Filesize 2.0MB)
  • memory/2536-20-0x00007FFE59270000-0x00007FFE59465000-memory.dmp (Filesize 2.0MB)
  • memory/2536-21-0x00007FFE59270000-0x00007FFE59465000-memory.dmp (Filesize 2.0MB)
  • memory/2536-23-0x00007FFE59270000-0x00007FFE59465000-memory.dmp (Filesize 2.0MB)
  • memory/2536-22-0x00007FFE59270000-0x00007FFE59465000-memory.dmp (Filesize 2.0MB)
  • memory/2536-19-0x00007FFE59270000-0x00007FFE59465000-memory.dmp (Filesize 2.0MB)
  • memory/2536-16-0x00007FFE59270000-0x00007FFE59465000-memory.dmp (Filesize 2.0MB)
  • memory/2536-15-0x00007FFE59270000-0x00007FFE59465000-memory.dmp (Filesize 2.0MB)
  • memory/2536-14-0x00007FFE59270000-0x00007FFE59465000-memory.dmp (Filesize 2.0MB)
  • memory/2536-12-0x00007FFE59270000-0x00007FFE59465000-memory.dmp (Filesize 2.0MB)
  • memory/2536-10-0x00007FFE59270000-0x00007FFE59465000-memory.dmp (Filesize 2.0MB)
  • memory/2536-8-0x00007FFE59270000-0x00007FFE59465000-memory.dmp (Filesize 2.0MB)
  • memory/2536-6-0x00007FFE59270000-0x00007FFE59465000-memory.dmp (Filesize 2.0MB)
  • memory/2536-4-0x00007FFE192F0000-0x00007FFE19300000-memory.dmp (Filesize 64KB)
  • memory/2536-3-0x00007FFE192F0000-0x00007FFE19300000-memory.dmp (Filesize 64KB)
  • memory/2536-1-0x00007FFE192F0000-0x00007FFE19300000-memory.dmp (Filesize 64KB)
  • memory/2536-0-0x00007FFE192F0000-0x00007FFE19300000-memory.dmp (Filesize 64KB)
  • memory/2536-33-0x000001919D740000-0x000001919DF40000-memory.dmp (Filesize 8.0MB)
  • memory/2536-44-0x000001919D740000-0x000001919DF40000-memory.dmp (Filesize 8.0MB)
  • memory/2536-47-0x000001919D740000-0x000001919DF40000-memory.dmp (Filesize 8.0MB)
  • memory/2536-52-0x00000191A2BE0000-0x00000191A3BB0000-memory.dmp (Filesize 15.8MB)
  • memory/2536-55-0x00000191A2BE0000-0x00000191A3BB0000-memory.dmp (Filesize 15.8MB)
  • memory/2536-58-0x00000191A2BE0000-0x00000191A3BB0000-memory.dmp (Filesize 15.8MB)
  • memory/2536-62-0x00000191A2BE0000-0x00000191A3BB0000-memory.dmp (Filesize 15.8MB)
  • memory/2536-66-0x00000191A2BE0000-0x00000191A3BB0000-memory.dmp (Filesize 15.8MB)
  • memory/2536-69-0x00000191A2BE0000-0x00000191A3BB0000-memory.dmp (Filesize 15.8MB)
  • memory/2536-74-0x00000191A2BE0000-0x00000191A3BB0000-memory.dmp (Filesize 15.8MB)
  • memory/2536-80-0x000001919D740000-0x000001919DF40000-memory.dmp (Filesize 8.0MB)
  • memory/2536-77-0x00000191A2BE0000-0x00000191A3BB0000-memory.dmp (Filesize 15.8MB)
  • memory/2536-95-0x000001919D740000-0x000001919DF40000-memory.dmp (Filesize 8.0MB)
  • memory/2536-99-0x00000191A2BE0000-0x00000191A3BB0000-memory.dmp (Filesize 15.8MB)
  • memory/2536-109-0x00000191A2BE0000-0x00000191A3BB0000-memory.dmp (Filesize 15.8MB)
  • memory/2536-111-0x00000191A2BE0000-0x00000191A3BB0000-memory.dmp (Filesize 15.8MB)
  • memory/2536-115-0x000001919D740000-0x000001919DF40000-memory.dmp (Filesize 8.0MB)
  • memory/2536-116-0x00007FFE59270000-0x00007FFE59465000-memory.dmp (Filesize 2.0MB)
  • memory/2536-117-0x00007FFE59270000-0x00007FFE59465000-memory.dmp (Filesize 2.0MB)
  • memory/2536-121-0x000001919D740000-0x000001919DF40000-memory.dmp (Filesize 8.0MB)
  • memory/2536-122-0x000001919D740000-0x000001919DF40000-memory.dmp (Filesize 8.0MB)
  • memory/2536-123-0x00000191A2BE0000-0x00000191A3BB0000-memory.dmp (Filesize 15.8MB)
  • memory/2536-126-0x000001919D740000-0x000001919DF40000-memory.dmp (Filesize 8.0MB)
  • memory/2536-127-0x00000191A2BE0000-0x00000191A3BB0000-memory.dmp (Filesize 15.8MB)
  • memory/2536-128-0x00000191A2BE0000-0x00000191A3BB0000-memory.dmp (Filesize 15.8MB)
  • memory/2536-129-0x00000191A2BE0000-0x00000191A3BB0000-memory.dmp (Filesize 15.8MB)
  • memory/2536-130-0x00000191A2BE0000-0x00000191A3BB0000-memory.dmp (Filesize 15.8MB)
  • memory/2536-131-0x00000191A2BE0000-0x00000191A3BB0000-memory.dmp (Filesize 15.8MB)
  • memory/2536-132-0x00000191A2BE0000-0x00000191A3BB0000-memory.dmp (Filesize 15.8MB)
  • memory/2536-133-0x000001919D740000-0x000001919DF40000-memory.dmp (Filesize 8.0MB)
  • memory/2536-134-0x00000191A2BE0000-0x00000191A3BB0000-memory.dmp (Filesize 15.8MB)
  • memory/2536-135-0x000001919D740000-0x000001919DF40000-memory.dmp (Filesize 8.0MB)
  • memory/2536-136-0x00000191A2BE0000-0x00000191A3BB0000-memory.dmp (Filesize 15.8MB)
  • memory/2536-138-0x000001919D740000-0x000001919DF40000-memory.dmp (Filesize 8.0MB)
  • memory/2536-137-0x00000191A2BE0000-0x00000191A3BB0000-memory.dmp (Filesize 15.8MB)
  • memory/2536-158-0x00007FFE59270000-0x00007FFE59465000-memory.dmp (Filesize 2.0MB)
  • memory/2536-157-0x00007FFE59270000-0x00007FFE59465000-memory.dmp (Filesize 2.0MB)
  • memory/2536-156-0x00007FFE192F0000-0x00007FFE19300000-memory.dmp (Filesize 64KB)
  • memory/2536-155-0x00007FFE192F0000-0x00007FFE19300000-memory.dmp (Filesize 64KB)
  • memory/2536-154-0x00007FFE192F0000-0x00007FFE19300000-memory.dmp (Filesize 64KB)
  • memory/2536-153-0x00007FFE192F0000-0x00007FFE19300000-memory.dmp (Filesize 64KB)