Analysis
Max time kernel: 160s
Max time network: 167s
Platform: windows10-2004_x64
Resource: win10v2004-20240226-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 12/03/2024, 15:15
Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: 654bb8d3fb077affd795af90c23934a50c61e96ae5d3ff694366535468dcf9ca.doc
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 654bb8d3fb077affd795af90c23934a50c61e96ae5d3ff694366535468dcf9ca.doc
  Resource: win10v2004-20240226-en
General
Target: 654bb8d3fb077affd795af90c23934a50c61e96ae5d3ff694366535468dcf9ca.doc
Size: 8KB
MD5: b39be9e3d8bcd48167c35e4d15a6f28f
SHA1: 9770bab690febc2ed77052263570a2206cf85e40
SHA256: 654bb8d3fb077affd795af90c23934a50c61e96ae5d3ff694366535468dcf9ca
SHA512: 3b387a60a857cd9bb33bb99d7518c6d9acce37252b44c32cb9715cf84d5a711be579da758810c2879b7113d7f7c24ba7a32336062f725dcf4819878d5988009e
SSDEEP: 96:m4BWSBOEo98tVbaCoub1vzg+X4GjhliTt85uIiCGtcFiaaFLjix:mDZ6XP1jhet6BGtQa
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments. Note that in this run every read is attributed to WINWORD.EXE itself (PID 2800), not to a spawned child, and no other behavioural signature fired; on its own this is a weak indicator, since the host application reads these keys during normal start-up.

description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE

Enumerates system info in registry (2 TTPs, 3 IoCs)

description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener (2 IoCs)

pid | Process
2800 | WINWORD.EXE (2 occurrences)

Suspicious use of SetWindowsHookEx (20 IoCs)

pid | Process
2800 | WINWORD.EXE (20 occurrences)
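The two registry signatures above are only meaningful in context: the same CentralProcessor and BIOS keys are read by Office itself at start-up, and by sandbox-evasion code planted by a macro. The following added example (not part of the tria.ge report, nor tria.ge's own signature logic) parses the "description ioc Process" rows exactly as they appear above and rates the reads by which process made them. The sample rows are copied from this report; the extra powershell.exe row, the BENIGN_READERS allow-list, and the two Enum\IDE and Enum\SCSI prefixes are constructed assumptions for illustration.

```python
import re
from dataclasses import dataclass
from typing import Iterable

# Registry locations that sandbox-fingerprinting code commonly reads. The
# CentralProcessor and BIOS prefixes are the ones this report shows; the
# Enum\IDE and Enum\SCSI entries are an assumption added for illustration
# (disk vendor strings that VM-detection routines also inspect).
FINGERPRINT_PREFIXES = (
    r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\CENTRALPROCESSOR",
    r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM\BIOS",
    r"\REGISTRY\MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\IDE",   # assumption
    r"\REGISTRY\MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\SCSI",  # assumption
)

# Processes that read these keys as part of normal start-up. This allow-list is
# an assumption: Office binaries are included because the report shows
# WINWORD.EXE doing exactly that. Tune it; it is a prior, not a verdict.
BENIGN_READERS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE"}

# Rows copied verbatim from the report's two registry signatures.
REPORT_ROWS = [
    r"Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 WINWORD.EXE",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz WINWORD.EXE",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString WINWORD.EXE",
    r"Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS WINWORD.EXE",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily WINWORD.EXE",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU WINWORD.EXE",
]

# Constructed row (not from the report): the same key read by a macro-spawned child.
CONSTRUCTED_ROW = r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU powershell.exe"


@dataclass(frozen=True)
class RegistryEvent:
    action: str    # "Key opened" or "Key value queried"
    path: str      # registry path, case preserved as logged
    process: str   # image name of the process that performed the access


# One row: <action> <path starting with \REGISTRY\> <process image name>
EVENT_RE = re.compile(r"^(Key opened|Key value queried)\s+(\\REGISTRY\\\S+)\s+(\S+)$")


def parse_events(lines: Iterable[str]) -> list[RegistryEvent]:
    """Parse 'description ioc Process' rows in the form the report prints them."""
    events = []
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(RegistryEvent(*m.groups()))
    return events


def is_fingerprint_read(ev: RegistryEvent) -> bool:
    # Registry paths are case-insensitive; the report itself mixes
    # "Hardware\Description" and "HARDWARE\DESCRIPTION".
    return ev.path.upper().startswith(FINGERPRINT_PREFIXES)


def assess(events: list[RegistryEvent]) -> dict:
    """Count fingerprint reads and rate them by who performed them."""
    hits = [ev for ev in events if is_fingerprint_read(ev)]
    readers = {ev.process.upper() for ev in hits}
    unexpected = readers - BENIGN_READERS
    if not hits:
        verdict = "none"
    elif unexpected:
        verdict = "high"   # a process other than the host app is fingerprinting
    else:
        verdict = "low"    # only the host application, as in this report
    return {
        "fingerprint_reads": len(hits),
        "readers": sorted(readers),
        "unexpected_readers": sorted(unexpected),
        "verdict": verdict,
    }


if __name__ == "__main__":
    print("report rows only:", assess(parse_events(REPORT_ROWS)))
    print("with constructed child:", assess(parse_events(REPORT_ROWS + [CONSTRUCTED_ROW])))
```

Run against the report's own rows the verdict is "low": six fingerprint reads, all by WINWORD.EXE. Add a single read by a non-Office process and it flips to "high", which is the shape of evidence a macro-dropped stager would leave and which this run does not contain.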
Processes

Process 1: WINWORD.EXE (PID 2800)
Image: C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
Command line: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\654bb8d3fb077affd795af90c23934a50c61e96ae5d3ff694366535468dcf9ca.doc" /o ""
Signatures:
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx

Process 2: msedge.exe (PID 3068)
Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4420 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
Signatures: none

Both entries are top-level processes; the report records no child process spawned by WINWORD.EXE.