Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
35s -
max time network
36s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system -
submitted
19/02/2024, 08:04
Static task
static1
Behavioral task
behavioral1
Sample
Bel07.docx
Resource
win10-20240214-en
Behavioral task
behavioral2
Sample
Bel07.docx
Resource
win10v2004-20231222-en
General
-
Target
Bel07.docx
-
Size
247KB
-
MD5
a124da9c6b56b18c6ecac43c3ece5c0c
-
SHA1
c15182509a6b28c37efb03e25c89d39a891a946a
-
SHA256
365ce54191af6d00a8c9a8c1a1c5ffe39c0e8015f55d0687d546d3a0c7bb538b
-
SHA512
e09f2bd5d4de905f4d8491d1c30e5f43381b6793b68825352e8b72858f95e79d134f0b56a18403bbcf1edb21e05c854113d4d91cdb3090710dc6c493caa5082a
-
SSDEEP
6144:7XdAJBt9CoZ8cfxNdezCmWvdQ7c5m6J8VnVKtKVz:TgFZ5OCmW1Q7mqOC
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString WINWORD.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU WINWORD.EXE -
Suspicious behavior: AddClipboardFormatListener 2 IoCs
pid Process 4460 WINWORD.EXE 4460 WINWORD.EXE -
Suspicious use of SetWindowsHookEx 8 IoCs
pid Process 4460 WINWORD.EXE 4460 WINWORD.EXE 4460 WINWORD.EXE 4460 WINWORD.EXE 4460 WINWORD.EXE 4460 WINWORD.EXE 4460 WINWORD.EXE 4460 WINWORD.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Bel07.docx" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4460
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD53bc2455afef45f0951e957e94a07af3a
SHA1e4ee9ac668c2e0a3bace22378efa4a7ee37830e4
SHA256d0b248b9a6f05b56686873b1a4f8e14a2cba67b3c2dc8e15c7f6326c47bdb128
SHA5123cf42e57ed89bbd5e6b07fde978b184e691367852e572d441943c757fb1c5d73d43a431939050565ed16c93ac1d491b0ff06f554d093bd8e7f30680d84aabf04