Analysis
max time kernel: 100s
max time network: 143s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/02/2024, 05:27
Static task: static1
Behavioral task: behavioral1
  Sample: 5d558cf0327726b279e1d2d4d7eee130ef6fe0d25e237738228a09a3fb879f46.xlsx
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 5d558cf0327726b279e1d2d4d7eee130ef6fe0d25e237738228a09a3fb879f46.xlsx
  Resource: win10v2004-20240226-en
General
Target: 5d558cf0327726b279e1d2d4d7eee130ef6fe0d25e237738228a09a3fb879f46.xlsx
Size: 55KB
MD5: 7fbec356556106209d637059bc551604
SHA1: fa74d3e9503aa07a57f53bf471d5753001a722df
SHA256: 5d558cf0327726b279e1d2d4d7eee130ef6fe0d25e237738228a09a3fb879f46
SHA512: 04a650d3845574333f9c5f2042a5d3fb69854272b110042d85f181e0fa883a8050d5d0d0c016cd7c6ce05857844241b148b827af95a1fcbad9141271ba060f7b
SSDEEP: 1536:p/ToOEjzAw7Y2r7DUsV4XzY9t3jSagJYweh0:BoOAcw7nXDUsOjm3jTxh0
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.

  description        ioc                                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString   EXCEL.EXE
  Key opened         \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0                       EXCEL.EXE
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz                  EXCEL.EXE

Enumerates system info in registry (2 TTPs, 3 IoCs)

  description        ioc                                                          Process
  Key opened         \REGISTRY\MACHINE\Hardware\Description\System\BIOS           EXCEL.EXE
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily  EXCEL.EXE
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU     EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener (1 IoC)

  pid   Process
  3888  EXCEL.EXE

Suspicious use of SetWindowsHookEx (12 IoCs)

  pid   Process
  3888  EXCEL.EXE  (12 identical entries, all PID 3888 EXCEL.EXE)
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\5d558cf0327726b279e1d2d4d7eee130ef6fe0d25e237738228a09a3fb879f46.xlsx"
  PID: 3888
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx