Analysis
max time kernel: 0s
max time network: 120s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31/12/2023, 04:41
Behavioral task: behavioral1
Sample: 289768c06f79b0a4d857223da6e21109.xls
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 289768c06f79b0a4d857223da6e21109.xls
Resource: win10v2004-20231215-en
General
Target: 289768c06f79b0a4d857223da6e21109.xls
Size: 190KB
MD5: 289768c06f79b0a4d857223da6e21109
SHA1: c7c4efc5cd0588fbdfa792a0d2ab37b99553a6cf
SHA256: 35e52ee5e850c02e9cd7f9ec2bd8a1a9d0438ba6c07a9675b2dab2fcf068afdd
SHA512: fb928633eaa6c0975a8771e2ea7c5c205af28e5e8ec96981f336c626959a6a01635894b03fa99f67d270210fad380f0c3b79ede73c7033769b36b526b154b97a
SSDEEP: 3072:EpOilrhlRtQWVbrzQ7LbTkDEAJtXwn5kqsPNab:E8q3
Malware Config
Signatures
Process spawned suspicious child process (1 IoCs)
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
description: Parent C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE is not expected to spawn this process
pid: 2424
pid_target: 672
Process: DW20.EXE
procid_target: 14
Processes
1. C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE (PID: 672)
   Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\289768c06f79b0a4d857223da6e21109.xls"
2. C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE (PID: 2424)
   Command line: "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE" -x -s 4312
   Signature: Process spawned suspicious child process
3. C:\Windows\system32\dwwin.exe (PID: 3272)
   Command line: C:\Windows\system32\dwwin.exe -x -s 4312