Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
359s -
max time network
360s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
14/03/2024, 17:12
Static task
static1
Behavioral task
behavioral1
Sample
Propuesta de Solución Integral para Optimizar la Gestión de Información en su Entidad. .eml
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
Propuesta de Solución Integral para Optimizar la Gestión de Información en su Entidad. .eml
Resource
win10v2004-20231215-en
General
-
Target
Propuesta de Solución Integral para Optimizar la Gestión de Información en su Entidad. .eml
-
Size
23KB
-
MD5
54a4b11b8e2a6ff2c402c42233301c04
-
SHA1
1e8a1f6b12d7f8b94a3c95acc3aff819a031a211
-
SHA256
4dbcc362e9febc931483423905696f8ed371655f1739af3c1683fc2d7fed99d1
-
SHA512
7096d5d0a1e8f03b04820f23bae128918377d0f4b00b452bd864743cb5df6675525e539eb25c27d7e3564cbc98bf579545b3ec376da793444a02f38f1b569a11
-
SSDEEP
384:Zc9ZV/PsNB2fQJ7luCaD3crwBiGENATj+llMI2EbKJHB7QrznI:OT/+ByQJ7cCaD3crwBiHsj+llj2tJHBv
Malware Config
Signatures
-
Drops file in System32 directory 14 IoCs
description ioc Process File created C:\Windows\system32\perfh00C.dat OUTLOOK.EXE File created C:\Windows\system32\perfc010.dat OUTLOOK.EXE File created C:\Windows\system32\perfh011.dat OUTLOOK.EXE File created C:\Windows\system32\perfc007.dat OUTLOOK.EXE File created C:\Windows\system32\perfc00C.dat OUTLOOK.EXE File created C:\Windows\system32\perfh010.dat OUTLOOK.EXE File created C:\Windows\system32\perfh009.dat OUTLOOK.EXE File created C:\Windows\system32\perfc00A.dat OUTLOOK.EXE File created C:\Windows\SysWOW64\PerfStringBackup.TMP OUTLOOK.EXE File created C:\Windows\system32\perfh007.dat OUTLOOK.EXE File created C:\Windows\system32\perfc009.dat OUTLOOK.EXE File created C:\Windows\system32\perfh00A.dat OUTLOOK.EXE File created C:\Windows\system32\perfc011.dat OUTLOOK.EXE File opened for modification C:\Windows\SysWOW64\PerfStringBackup.INI OUTLOOK.EXE -
Drops file in Windows directory 3 IoCs
description ioc Process File created C:\Windows\inf\Outlook\outlperf.h OUTLOOK.EXE File opened for modification C:\Windows\inf\Outlook\outlperf.h OUTLOOK.EXE File created C:\Windows\inf\Outlook\0009\outlperf.ini OUTLOOK.EXE -
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" OUTLOOK.EXE Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\MenuExt OUTLOOK.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" OUTLOOK.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55" OUTLOOK.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" OUTLOOK.EXE Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar OUTLOOK.EXE Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote OUTLOOK.EXE Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel OUTLOOK.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" OUTLOOK.EXE -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 2936 OUTLOOK.EXE -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2936 OUTLOOK.EXE
Processes
-
C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXEC:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE /eml "C:\Users\Admin\AppData\Local\Temp\Propuesta de Solución Integral para Optimizar la Gestión de Información en su Entidad. .eml"1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:2936
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
240KB
MD5c3aee54c508c00f04b18e554bde118fe
SHA141e381236ba990b6393ad704a3a240d3ad2dea58
SHA25646c33af56e00d00217ee40bd6ba1aef1d88cc561bbbc49add49c4a047798ccc7
SHA512a496be483a4c60b6160865f23fac53a8e094aad415386fc8decc728114708bb0890f00294b5c7c4505ec9f080cd54a0a0627a88c5bc09fd47da8da35e97d814a