Analysis

  • max time kernel
    0s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31/12/2023, 04:41

General

  • Target

    289768c06f79b0a4d857223da6e21109.xls

  • Size

    190KB

  • MD5

    289768c06f79b0a4d857223da6e21109

  • SHA1

    c7c4efc5cd0588fbdfa792a0d2ab37b99553a6cf

  • SHA256

    35e52ee5e850c02e9cd7f9ec2bd8a1a9d0438ba6c07a9675b2dab2fcf068afdd

  • SHA512

    fb928633eaa6c0975a8771e2ea7c5c205af28e5e8ec96981f336c626959a6a01635894b03fa99f67d270210fad380f0c3b79ede73c7033769b36b526b154b97a

  • SSDEEP

    3072:EpOilrhlRtQWVbrzQ7LbTkDEAJtXwn5kqsPNab:E8q3

Score
6/10

Malware Config

Signatures

  • Process spawned suspicious child process 1 IoCs

    This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\289768c06f79b0a4d857223da6e21109.xls"
    PID:672
    • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE
      "C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE" -x -s 4312
      PID:2424
      Signature: Process spawned suspicious child process
      • C:\Windows\system32\dwwin.exe
        C:\Windows\system32\dwwin.exe -x -s 4312
        PID:3272

Network

MITRE ATT&CK Matrix

Downloads

  • memory/672-4-0x00007FFD20730000-0x00007FFD20925000-memory.dmp (Filesize: 2.0MB)
  • memory/672-2-0x00007FFD20730000-0x00007FFD20925000-memory.dmp (Filesize: 2.0MB)
  • memory/672-1-0x00007FFCE07B0000-0x00007FFCE07C0000-memory.dmp (Filesize: 64KB)
  • memory/672-13-0x00007FFD20730000-0x00007FFD20925000-memory.dmp (Filesize: 2.0MB)
  • memory/672-12-0x00007FFCDE750000-0x00007FFCDE760000-memory.dmp (Filesize: 64KB)
  • memory/672-15-0x00007FFD20730000-0x00007FFD20925000-memory.dmp (Filesize: 2.0MB)
  • memory/672-17-0x00007FFD20730000-0x00007FFD20925000-memory.dmp (Filesize: 2.0MB)
  • memory/672-20-0x00007FFD20730000-0x00007FFD20925000-memory.dmp (Filesize: 2.0MB)
  • memory/672-21-0x00007FFD20730000-0x00007FFD20925000-memory.dmp (Filesize: 2.0MB)
  • memory/672-23-0x00007FFD20730000-0x00007FFD20925000-memory.dmp (Filesize: 2.0MB)
  • memory/672-22-0x00007FFD20730000-0x00007FFD20925000-memory.dmp (Filesize: 2.0MB)
  • memory/672-19-0x00007FFCDE750000-0x00007FFCDE760000-memory.dmp (Filesize: 64KB)
  • memory/672-18-0x00007FFD20730000-0x00007FFD20925000-memory.dmp (Filesize: 2.0MB)
  • memory/672-16-0x00007FFD20730000-0x00007FFD20925000-memory.dmp (Filesize: 2.0MB)
  • memory/672-14-0x00007FFD20730000-0x00007FFD20925000-memory.dmp (Filesize: 2.0MB)
  • memory/672-11-0x00007FFD20730000-0x00007FFD20925000-memory.dmp (Filesize: 2.0MB)
  • memory/672-10-0x00007FFD20730000-0x00007FFD20925000-memory.dmp (Filesize: 2.0MB)
  • memory/672-7-0x00007FFCE07B0000-0x00007FFCE07C0000-memory.dmp (Filesize: 64KB)
  • memory/672-6-0x00007FFD20730000-0x00007FFD20925000-memory.dmp (Filesize: 2.0MB)
  • memory/672-5-0x00007FFCE07B0000-0x00007FFCE07C0000-memory.dmp (Filesize: 64KB)
  • memory/672-8-0x00007FFD20730000-0x00007FFD20925000-memory.dmp (Filesize: 2.0MB)
  • memory/672-3-0x00007FFCE07B0000-0x00007FFCE07C0000-memory.dmp (Filesize: 64KB)
  • memory/672-9-0x00007FFD20730000-0x00007FFD20925000-memory.dmp (Filesize: 2.0MB)
  • memory/672-0-0x00007FFCE07B0000-0x00007FFCE07C0000-memory.dmp (Filesize: 64KB)
  • memory/672-40-0x000001AA124A0000-0x000001AA12CA0000-memory.dmp (Filesize: 8.0MB)
  • memory/672-43-0x000001AA124A0000-0x000001AA12CA0000-memory.dmp (Filesize: 8.0MB)
  • memory/672-46-0x000001AA124A0000-0x000001AA12CA0000-memory.dmp (Filesize: 8.0MB)
  • memory/672-50-0x000001AA179C0000-0x000001AA18990000-memory.dmp (Filesize: 15.8MB)
  • memory/672-53-0x000001AA124A0000-0x000001AA12CA0000-memory.dmp (Filesize: 8.0MB)
  • memory/672-58-0x000001AA179C0000-0x000001AA18990000-memory.dmp (Filesize: 15.8MB)
  • memory/672-60-0x000001AA179C0000-0x000001AA18990000-memory.dmp (Filesize: 15.8MB)
  • memory/672-61-0x000001AA124A0000-0x000001AA12CA0000-memory.dmp (Filesize: 8.0MB)
  • memory/672-78-0x00007FFD20730000-0x00007FFD20925000-memory.dmp (Filesize: 2.0MB)
  • memory/2424-69-0x00007FFCE07B0000-0x00007FFCE07C0000-memory.dmp (Filesize: 64KB)
  • memory/2424-72-0x00007FFCE07B0000-0x00007FFCE07C0000-memory.dmp (Filesize: 64KB)
  • memory/2424-77-0x00007FFD20730000-0x00007FFD20925000-memory.dmp (Filesize: 2.0MB)
  • memory/2424-75-0x00007FFD20730000-0x00007FFD20925000-memory.dmp (Filesize: 2.0MB)
  • memory/2424-74-0x00007FFCE07B0000-0x00007FFCE07C0000-memory.dmp (Filesize: 64KB)
  • memory/2424-73-0x00007FFD20730000-0x00007FFD20925000-memory.dmp (Filesize: 2.0MB)
  • memory/2424-66-0x00007FFD20730000-0x00007FFD20925000-memory.dmp (Filesize: 2.0MB)
  • memory/2424-71-0x00007FFCE07B0000-0x00007FFCE07C0000-memory.dmp (Filesize: 64KB)
  • memory/2424-70-0x00007FFD20730000-0x00007FFD20925000-memory.dmp (Filesize: 2.0MB)