Analysis
- max time kernel: 149s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12/03/2024, 23:02
Behavioral task: behavioral1
- Sample: 28490977f9917189a103fcfe9b3550e0e65ee470e226fc4701cf57a54557a22b.doc
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 28490977f9917189a103fcfe9b3550e0e65ee470e226fc4701cf57a54557a22b.doc
- Resource: win10v2004-20240226-en
General
- Target: 28490977f9917189a103fcfe9b3550e0e65ee470e226fc4701cf57a54557a22b.doc
- Size: 301KB
- MD5: 24755d9b827424b6f667aa4d8cee8ba0
- SHA1: d3af2d54cee2cb1c98eaf28f995724d06788d61e
- SHA256: 28490977f9917189a103fcfe9b3550e0e65ee470e226fc4701cf57a54557a22b
- SHA512: aa206e162c5ba1969720a9941d12b8f5806b25ba0b50c3dbcd7d0d2f0e06e8dd2df25eab4dab7bcace4a69763ed3f1694f1813fd4870f54eb4be1c781ca67a70
- SSDEEP: 6144:Zj7mtFt+P5r9lqBjWXLjktLUNhvQQUO4sUl:d7mp+P5GWXLjktLUNhvQQUO4sUl
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description: ioc (Process)
  - Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (WINWORD.EXE)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (WINWORD.EXE)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (WINWORD.EXE)
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description: ioc (Process)
  - Key opened: \REGISTRY\MACHINE\Hardware\Description\System\BIOS (WINWORD.EXE)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily (WINWORD.EXE)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU (WINWORD.EXE)
- Suspicious behavior: AddClipboardFormatListener (2 IoCs)
  pid / Process: 1552 WINWORD.EXE (2 entries)
- Suspicious use of SetWindowsHookEx (21 IoCs)
  pid / Process: 1552 WINWORD.EXE (21 entries)
Processes
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\28490977f9917189a103fcfe9b3550e0e65ee470e226fc4701cf57a54557a22b.doc" /o ""
  PID: 1552
  Signatures:
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1344 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:8
  PID: 4620