Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

09/03/2024, 00:10

240309-agetcabb6y 8

09/03/2024, 00:06

240309-adr99sac64 8

Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/03/2024, 00:06

General

  • Target

    AMASS 2.0/AMASS/ReleaseNotes.rtf

  • Size

    174KB

  • MD5

    276d96b2fe669e30b1483999e9f0c2d1

  • SHA1

    bd3e6ad6616c33884a8f733684299c8174c0ecf8

  • SHA256

    d4631f260ede90faa3b709c7256ac503b603f45bbd1447aea3cc01c62f2d03e2

  • SHA512

    74790b950398fbd3ecb81d44991fe573353b0f22eda6167401cddd873fa73bc5ef2b2fa692a4f7f27646c3cfa033ffcffa9ac3e8c25bc4252b9c58778e98ec5c

  • SSDEEP

    1536:lEtAZdGdioeLroRL1Y24ISBuht9u/1pIg3cCLjc8an/QyG:l7ZdGdioeL52UBulu/znjc8an/Y

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
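
The "possible macro or embedded object present" signature only records that Word pulled in its object/VBA handling code; the report does not say what, if anything, is embedded in ReleaseNotes.rtf. The script below is an added example (not Triage's code and not part of the report) that answers that question for any RTF: it walks every `{\object ...}` group, decodes the hex `\objdata` payload, and reports the declared class, whether the object is marked `\objupdate` (refreshed when the document opens), whether the payload contains an OLE compound-file header, and its SHA256. The embedded sample RTF and its object payload are constructed for the demonstration; pass a path on the command line to scan the real file. As context for the rest of the signature list: WINWORD.EXE here runs from Program Files (x86), i.e. 32-bit Office on x64, and splwow64.exe is the Windows proxy that 32-bit applications spawn to reach 64-bit printer drivers, so the child process is expected rather than a payload.

```python
r"""Scan an RTF file for embedded OLE objects and decode their \objdata payloads.

Added example for the Triage report above; it assumes the common hex-encoded
\objdata form (binary \bin runs are not handled).
"""
import binascii
import hashlib
import re
import sys

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # [MS-CFB] compound file header

# Constructed sample, NOT the ReleaseNotes.rtf from the report: one embedded
# object of class "Package" whose hex data is a made-up OLE1 wrapper + CFB magic.
SAMPLE_RTF = (
    rb"{\rtf1\ansi\deff0{\fonttbl{\f0 Calibri;}}" b"\r\n"
    rb"\pard Release notes.\par" b"\r\n"
    rb"{\object\objemb\objupdate\objw3000\objh600" b"\r\n"
    rb"{\*\objclass Package}" b"\r\n"
    rb"{\*\objdata 01050000 02000000" b"\r\n"
    rb"d0cf11e0a1b11ae1 00000000" b"\r\n"
    rb"}}" b"\r\n"
    rb"\par}"
)


def _group_at(data: bytes, start: int) -> bytes:
    """Return the balanced RTF group whose opening brace is data[start]."""
    depth, i = 0, start
    while i < len(data):
        c = data[i]
        if c == 0x5C:               # backslash: skip the escaped byte (handles \{ \} \\)
            i += 2
            continue
        if c == 0x7B:               # {
            depth += 1
        elif c == 0x7D:             # }
            depth -= 1
            if depth == 0:
                return data[start:i + 1]
        i += 1
    raise ValueError("unbalanced RTF group at offset %d" % start)


def _objdata_payload(group: bytes) -> bytes:
    """Decode the hex body of the objdata group inside one object group."""
    m = re.search(rb"\{\\\*\\objdata(?![a-zA-Z])", group)
    if not m:
        return b""
    body = _group_at(group, m.start())[len(b"{\\*\\objdata"):-1]
    body = re.sub(rb"\\[a-zA-Z]+-?\d* ?", b"", body)  # drop control words hidden in the data
    hexdigits = re.sub(rb"[^0-9a-fA-F]", b"", body)  # keep hex digits only
    if len(hexdigits) % 2:                            # tolerate a stray trailing nibble
        hexdigits = hexdigits[:-1]
    return binascii.unhexlify(hexdigits)


def scan_rtf(data: bytes) -> list:
    """Return one dict per embedded object found in the RTF bytes."""
    findings = []
    for m in re.finditer(rb"\{\\object(?![a-zA-Z])", data):
        group = _group_at(data, m.start())
        cls = re.search(rb"\\objclass\s*([^\\}]*)", group)
        payload = _objdata_payload(group)
        findings.append({
            "offset": m.start(),
            "class": cls.group(1).strip().decode("latin-1") if cls else "",
            "auto_update": re.search(rb"\\objupdate(?![a-zA-Z])", group) is not None,
            "ole_cfb": OLE_MAGIC in payload,
            "size": len(payload),
            "sha256": hashlib.sha256(payload).hexdigest(),
        })
    return findings


def main(argv):
    # With a path argument scan that file; otherwise scan the constructed sample.
    data = open(argv[1], "rb").read() if len(argv) > 1 else SAMPLE_RTF
    hits = scan_rtf(data)
    print("%d embedded object(s)" % len(hits))
    for h in hits:
        print("  offset=%(offset)d class=%(class)r auto_update=%(auto_update)s "
              "ole_cfb=%(ole_cfb)s size=%(size)d sha256=%(sha256)s" % h)
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

An RTF that reports zero objects cannot have triggered the signature through an embedded OLE object, which narrows the remaining explanation to Word's own resource loading; one that reports an object with `auto_update` set and an OLE header in the payload deserves the payload carved out and analysed on its own.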

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\AMASS 2.0\AMASS\ReleaseNotes.rtf"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3040
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:860

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
    Filesize: 20KB
    MD5: 6ef279dcd4f2c7e78407dcef6001a315
    SHA1: c9d490e2893cffa8ce1f065318fe002254ea5ff4
    SHA256: b8c694e25edae05affbdee493e5b0a2cf6fba9751c1009413d21c145d81a091d
    SHA512: 2338ab0ac0c483e657867fd4ae770815e4b89d32b26dbdc4de6eece8a4991c87f03851b97c49c97dd5998d782fdbd84477e537e93676356756c4f2a6c012f7c6
  • memory/3040-0-0x000000002F211000-0x000000002F212000-memory.dmp
    Filesize: 4KB
  • memory/3040-1-0x000000005FFF0000-0x0000000060000000-memory.dmp
    Filesize: 64KB
  • memory/3040-2-0x00000000719ED000-0x00000000719F8000-memory.dmp
    Filesize: 44KB
  • memory/3040-11-0x00000000719ED000-0x00000000719F8000-memory.dmp
    Filesize: 44KB
  • memory/3040-32-0x000000005FFF0000-0x0000000060000000-memory.dmp
    Filesize: 64KB