Analysis
- max time kernel: 2s
- max time network: 117s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 31/12/2023, 07:11
Behavioral task: behavioral1
- Sample: 2ce295dcd3764b8618daeade78c6e6c4.xlsb
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 2ce295dcd3764b8618daeade78c6e6c4.xlsb
- Resource: win10v2004-20231215-en
General
- Target: 2ce295dcd3764b8618daeade78c6e6c4.xlsb
- Size: 344KB
- MD5: 2ce295dcd3764b8618daeade78c6e6c4
- SHA1: 46045b4d9f509a83cedfafaa48a05c19f52249a4
- SHA256: 6de25ca57c86190d89f900b0d6c95bc5484102e46180f39c916e0f6b2ddca9f1
- SHA512: aeba76bd6561f5976724d8be3f07a909e105a9f306f5053d055d0d9bfb180716aea77abf61550af08a1d1b8b3acee6c22e6fdaa35acdf225ad11d6acb4519871
- SSDEEP: 6144:ogkHHNfWH2LohOGYw6CC5jTT453mjEIbWiGVAKSLFN+YInSCRvuPsxN5j:kHNuWL2OGY/TTy2jEIJc6FNu3uPmNN
Malware Config
Signatures
- Process spawned unexpected child process 2 IoCs
  This typically indicates the parent process was compromised via an exploit or macro.
  description | pid | pid_target | Process | procid_target
  Parent C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE is not expected to spawn this process | 4424 | 3948 | wmic.exe | 36
  Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | 736 | 5048 | mshta.exe | 89
- Suspicious behavior: AddClipboardFormatListener 1 IoCs
  pid | Process
  3948 | EXCEL.EXE
- Suspicious use of SetWindowsHookEx 12 IoCs
  pid | Process
  3948 | EXCEL.EXE (same pid and process for all 12 entries)
Processes
- C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\2ce295dcd3764b8618daeade78c6e6c4.xlsb"
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:3948
- C:\Windows\System32\Wbem\wmic.exe
  Command line: wmic process call create 'mshta C:\ProgramData\NwLapcDikupcDN.sct'
  - Process spawned unexpected child process
  PID:4424
- C:\Windows\system32\mshta.exe
  Command line: mshta C:\ProgramData\NwLapcDikupcDN.sct
  - Process spawned unexpected child process
  PID:736