Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

2b230ce6c5...40.xls

windows7-x64

1

2b230ce6c5...40.xls

windows10-2004-x64

1

Analysis

  • max time kernel
    225s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 06:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2b230ce6c5f93b7aee0700d357295040.xls

  • Size

    63KB

  • MD5

    2b230ce6c5f93b7aee0700d357295040

  • SHA1

    0299acf09ebda553ed2fac639a72d3186adc02d9

  • SHA256

    79fd8ecef57f27ffa7ccc6cbc3e37a2e260440936b93b73b6f957baffa2141c9

  • SHA512

    e062a47af4cba0edbb6a0afe9df09979bcf02716a3edaf9c4146d60fc00802da282e0657efa36917c2c94d6a6a6742d2f0024eaf2348c3ef44575f8a865ca34b

  • SSDEEP

    768:H7shnMPKvK+0vehMSFfFrMYUJP+kPWQT0c:YMPaKvYMSFfFrMYUJmGT0c

Score
1/10

Malware Config

Signatures

  • Office loads VBA resources, possible macro or embedded object present
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\2b230ce6c5f93b7aee0700d357295040.xls
    1⤵
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2276

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\VB363F.tmp
    Filesize

    1KB

    MD5

    4d881fc65ea348bacc4e3025f5098c3d

    SHA1

    4df3494a8845c3421dbcee98466a7ffd2f144196

    SHA256

    832dc6a8fbf0602c8654a5972599fd8b49d6a6cba866f1284f5938c22481e7a9

    SHA512

    f92624312df49d6760cb7d1af4c51a6fe3af9779e0cdb4d71b92f685e9d6690d4b95eb6fe8d40d4d5b023eafc0237a0f53ab5cfdaecaeedb319a840d0d498313

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
    Filesize

    65B

    MD5

    25d41a42ee9b8d154562d578215e661d

    SHA1

    a3f9b7cb48ad887368dacd92cfafdc7e4130e015

    SHA256

    0d134608991fb9907c72055f0c1ec396771e559acb7ba6aa321147af147ca1fe

    SHA512

    906fb2b2fd1bedd2ac876847f5f0adfadfbb5c9e85b5bfc5ddd45e358655b5fcfa6b63d98034690783e577a7b2f7be31ed043f37cd811832ba589c9a4f0b1cb5

    Download Submit

  • memory/2276-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2276-1-0x000000007232D000-0x0000000072338000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2276-2-0x00000000003E0000-0x00000000004E0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2276-3-0x00000000003E0000-0x00000000004E0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2276-4-0x00000000003E0000-0x00000000004E0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2276-6-0x00000000003E0000-0x00000000004E0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2276-7-0x00000000003E0000-0x00000000004E0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2276-20-0x000000007232D000-0x0000000072338000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2276-31-0x00000000003E0000-0x00000000004E0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2276-32-0x00000000003E0000-0x00000000004E0000-memory.dmp

    Filesize

    1024KB

    Download