Analysis
- max time kernel: 150s
- max time network: 156s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14/03/2024, 02:42
Behavioral tasks
- behavioral1
  - Sample: c779e0f58297c6c9f17d38c1fdf973e2.doc
  - Resource: win7-20240221-en
- behavioral2
  - Sample: c779e0f58297c6c9f17d38c1fdf973e2.doc
  - Resource: win10v2004-20240226-en
General
- Target: c779e0f58297c6c9f17d38c1fdf973e2.doc
- Size: 40KB
- MD5: c779e0f58297c6c9f17d38c1fdf973e2
- SHA1: cb0a0ac27dc7dca7757a37b76bea45dfcc2671ab
- SHA256: df51180c6950068f1b3ea41ae7389f81d315e0f91b9f6bfe6833bb8ea2f724d4
- SHA512: 9928051fdbb96fc601440839857eb847b0c0be0733ef3026cfd209346bd23fc7f3601dfa5ba2ca2c619a33fe4507d713b5b322f0de9860573af8999bd6b9a2a5
- SSDEEP: 192:mqEDoSZVVxsm0b5OmW0037gdTgm5ou0cDpAzboAyaMNHXL5Xn6zo+mcAz02oH9vG:mfbHSOmI7gZgEou0cDazbomVBAQ2AUm
Malware Config
Signatures
- Deletes itself (1 IoC)
  - pid 3568, process WINWORD.EXE
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  - Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (WINWORD.EXE)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (WINWORD.EXE)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (WINWORD.EXE)
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\Hardware\Description\System\BIOS (WINWORD.EXE)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily (WINWORD.EXE)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU (WINWORD.EXE)
- NTFS ADS (1 IoC)
  - File created: C:\Users\Admin\AppData\Local\Temp\~WRD0000.tmp\:Zone.Identifier:$DATA (WINWORD.EXE)
- Suspicious behavior: AddClipboardFormatListener (2 IoCs)
  - pid 3568, process WINWORD.EXE (2 occurrences)
- Suspicious use of SetWindowsHookEx (13 IoCs)
  - pid 3568, process WINWORD.EXE (13 occurrences)
Processes
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  - Command line: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\c779e0f58297c6c9f17d38c1fdf973e2.doc" /o ""
  - PID: 3568
  - Signatures: Deletes itself; Checks processor information in registry; Enumerates system info in registry; NTFS ADS; Suspicious behavior: AddClipboardFormatListener; Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 50KB
  - MD5: b06864df4e1932a251416d46722815f4
  - SHA1: f4e4bce5e33dd5633fadbd99c4fabb337e7d1d7c
  - SHA256: 18fb3de6fbc7ef79b900a8e7862966942951ce0b0b4b5fbe23998264388342fe
  - SHA512: e1846c2b9a1fd0163b1f6e2e14f2fa415374bee46068d097febed37f7da74783ee9968f15adb4b46697fab4642e19d2e0bd597d0a3dd10a09023ef901fe090ca
- Filesize: 24KB
  - MD5: 065ebed48a49895c35d4c0a1db478975
  - SHA1: c25a64c1034db567a618cbdc92786cd4808fc5c8
  - SHA256: c4a3a5456ce248d21fd79436bee5460a84fe3a96484921170865e13725d8ed9e
  - SHA512: a7b4cab0f0cca46ec7dd3560869b6a6fc3ac517b21a48cdda3d799996bb7c26bb30ed340f545f9379679317b7452169a07f47acef3b008329fcc7617ce5a29e0
- Filesize: 1KB
  - MD5: 307774863062cba7c405b1ef6dc09199
  - SHA1: ae0c0ea189e1135f9f521949f82b4c37b3fdca63
  - SHA256: 1571c1a999addd300b618374a186d7e105fc8c9b012611d576d695f3659dd110
  - SHA512: 6abee8d8ae7d5712fea87b100b7948662f8075d2761d4351df8e4b6a689ce1a8e94575dba1fbd207316163e13e21efa3ed236904d28364f7c07a90467fa0ea07