Analysis
- max time kernel: 153s
- max time network: 160s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19/03/2024, 16:49
Static task: static1
Behavioral task: behavioral1
- Sample: march19-D3145-2024[1314225].xlsx
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: march19-D3145-2024[1314225].xlsx
- Resource: win10v2004-20240226-en
General
- Target: march19-D3145-2024[1314225].xlsx
- Size: 56KB
- MD5: 60d07f9e7daf81bb5a9bb4b3bed41bfd
- SHA1: 2757c793b96639f3bca33bdd07576d3ad95d063b
- SHA256: 2766eeb9422ef9dccc1f208e7cbb807c57decae2b08d82995aaf897a67583c94
- SHA512: a90b3a0d6af36d1b404d687d71b8d59f234129cfefe972381af5479c4501cf2d513b7131c4107a7a0ab45d4a5722f7e0854e5ff52578b4bcfcdaae8dc5c49a45
- SSDEEP: 1536:Fkws9oLE3Ow6DyPgMUti9xx7bxNfI5ydaRLgIui3pqDyBROnlTE:FSoEOfEgMNdxI5yYhgu5zBRYg
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
- Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  pid | Process
  3088 | EXCEL.EXE
- Suspicious use of SetWindowsHookEx (12 IoCs)
  pid | Process
  3088 | EXCEL.EXE (the same row is listed 12 times)
Processes
- C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\march19-D3145-2024[1314225].xlsx"
  PID: 3088
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx