Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

72b5f08d8f...7.xlsx

windows7-x64

1

72b5f08d8f...7.xlsx

windows10-2004-x64

1

Analysis

  • max time kernel
    107s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/01/2024, 18:13 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    72b5f08d8fdb49354633b86307d1ddb7.xlsx

  • Size

    9KB

  • MD5

    72b5f08d8fdb49354633b86307d1ddb7

  • SHA1

    2ab1f737e978ade0b36ac0f76ea844292062bac4

  • SHA256

    61238d164faf3be8e191f2655c6e1e68f594a324494cc394952cf18e0b970a68

  • SHA512

    941ffd8ab2380170efa945ef1bf2c7b4b52aa7d9f76bc9e06ee45ab9b02a8c219c1e6932a624eff049340a5a12084eea2e935712f497399d82cb12507d3e4c9f

  • SSDEEP

    192:APb+uQtqpbzlVd3Yd9eFEBPJ2Z3Km4oLCcjBHP4:8etqpNOBPJ2coFjJ4

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\72b5f08d8fdb49354633b86307d1ddb7.xlsx"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:3080

Network

  • flag-us
    DNS
    97.17.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.17.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    97.32.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.32.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    69.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    69.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    228.249.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    228.249.119.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    208.143.182.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    208.143.182.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    217.106.137.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.106.137.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    103.169.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    103.169.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    140.71.91.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    140.71.91.104.in-addr.arpa
    IN PTR
    Response
    140.71.91.104.in-addr.arpa
    IN PTR
    a104-91-71-140deploystaticakamaitechnologiescom
  • flag-us
    DNS
    177.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    177.178.17.96.in-addr.arpa
    IN PTR
    Response
    177.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-177deploystaticakamaitechnologiescom
  • flag-us
    DNS
    14.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    139.191.110.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    139.191.110.104.in-addr.arpa
    IN PTR
    Response
    139.191.110.104.in-addr.arpa
    IN PTR
    a104-110-191-139deploystaticakamaitechnologiescom
No results found
  • 8.8.8.8:53
    97.17.167.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    97.17.167.52.in-addr.arpa

  • 8.8.8.8:53
    97.32.109.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    97.32.109.52.in-addr.arpa

  • 8.8.8.8:53
    69.31.126.40.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    69.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    208.143.182.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    208.143.182.52.in-addr.arpa

  • 8.8.8.8:53
    228.249.119.40.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    228.249.119.40.in-addr.arpa

  • 8.8.8.8:53
    217.106.137.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    217.106.137.52.in-addr.arpa

  • 8.8.8.8:53
    103.169.127.40.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    103.169.127.40.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    140.71.91.104.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    140.71.91.104.in-addr.arpa

  • 8.8.8.8:53
    177.178.17.96.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    177.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    14.227.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    14.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    139.191.110.104.in-addr.arpa
    dns
    74 B
     141 B
     1
    1

    DNS Request

    139.191.110.104.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3080-0-0x00007FFBA85F0000-0x00007FFBA8600000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3080-1-0x00007FFBA85F0000-0x00007FFBA8600000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3080-3-0x00007FFBE8570000-0x00007FFBE8765000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3080-2-0x00007FFBA85F0000-0x00007FFBA8600000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3080-4-0x00007FFBE8570000-0x00007FFBE8765000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3080-7-0x00007FFBE8570000-0x00007FFBE8765000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3080-6-0x00007FFBA85F0000-0x00007FFBA8600000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3080-5-0x00007FFBA85F0000-0x00007FFBA8600000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3080-8-0x00007FFBE8570000-0x00007FFBE8765000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3080-10-0x00007FFBE8570000-0x00007FFBE8765000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3080-9-0x00007FFBA6180000-0x00007FFBA6190000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3080-11-0x00007FFBE8570000-0x00007FFBE8765000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3080-12-0x00007FFBE8570000-0x00007FFBE8765000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3080-13-0x00007FFBA6180000-0x00007FFBA6190000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3080-14-0x00007FFBE8570000-0x00007FFBE8765000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3080-15-0x00007FFBE8570000-0x00007FFBE8765000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3080-17-0x00007FFBE8570000-0x00007FFBE8765000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3080-16-0x00007FFBE8570000-0x00007FFBE8765000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3080-18-0x00007FFBE8570000-0x00007FFBE8765000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3080-19-0x00007FFBE8570000-0x00007FFBE8765000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3080-20-0x00007FFBE8570000-0x00007FFBE8765000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3080-21-0x00007FFBE8570000-0x00007FFBE8765000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3080-22-0x00007FFBE8570000-0x00007FFBE8765000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3080-23-0x00007FFBE8570000-0x00007FFBE8765000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3080-33-0x00007FFBE8570000-0x00007FFBE8765000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3080-49-0x00007FFBA85F0000-0x00007FFBA8600000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3080-50-0x00007FFBA85F0000-0x00007FFBA8600000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3080-51-0x00007FFBA85F0000-0x00007FFBA8600000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3080-52-0x00007FFBA85F0000-0x00007FFBA8600000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3080-54-0x00007FFBE8570000-0x00007FFBE8765000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3080-53-0x00007FFBE8570000-0x00007FFBE8765000-memory.dmp

    Filesize

    2.0MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.