Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

019e0910c6...6.docx

windows7-x64

7

019e0910c6...6.docx

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10/04/2024, 09:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    019e0910c6d62d6948ea6f2c83c62491b24cefa4dedc830b93b3c6176a7d9c76.docx

  • Size

    13KB

  • MD5

    fef34c28f4e73d1c8d60dde708819b1a

  • SHA1

    83ed92bca38b4e724d9ce96ace13ad5f40deeec2

  • SHA256

    019e0910c6d62d6948ea6f2c83c62491b24cefa4dedc830b93b3c6176a7d9c76

  • SHA512

    3d58479ca9aae829b9e66c0506995e8c3b9c25ab4ace090f82c4abf7c474a338ff817d757b8b4b415a0000229d1ffbf59338de9cf4735f53a9af27ca92f7ea84

  • SSDEEP

    384:akL+7MipJeXKsPv6wOeDgimG3zxKLr8LDQof:p+LAapimGRnHf

Score
7/10

Malware Config

Signatures

  • Abuses OpenXML format to download file from external location
  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\019e0910c6d62d6948ea6f2c83c62491b24cefa4dedc830b93b3c6176a7d9c76.docx"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:1156

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD
      Filesize

      128KB

      MD5

      cefd08f0f4645125947b21d407e0745a

      SHA1

      b916bea4e63fa95132ccfd08151d7e688951ac5c

      SHA256

      85bfa0a8d5e7ae2fba8f6d580aeaec1323c56d9bbd0ed415823012c8967f0da8

      SHA512

      8b3ff6031a96f7bb5a02c84dbfae5184951a71b8ff9dfe49c1395afd61d84dfa759542ef3ab37e12b10b8b9e366b9f0db92057bcdfc717781eb9ce2c8b5d5808

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{893F0250-BE80-4249-AF32-C0A1B4117903}.FSD
      Filesize

      128KB

      MD5

      84faee4540259598c0b6539d8f9f4816

      SHA1

      74d76e9ed6983e11649ec0dd3eb7761f282b34e4

      SHA256

      980ba8d8a03c46bef72241d03b168180abbfe059675aa2420a618d0beab91493

      SHA512

      065c7f4badca22ae67744fdcdd9c2096250fe422ebadb01d584b3379b8d0a9b2eaf52e381df6c12d2b7b0ac7fefb2a6b81b21e50bfdaa9dcb7c65795708bbf0c

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
      Filesize

      128KB

      MD5

      79c346265214daf666d79946f28a733a

      SHA1

      d967c89bfb3469a99abeb261de0f39a493605479

      SHA256

      4a610aacedb16db1328f48789b462f1b7af59529aebf687f944c44aabbe8acdd

      SHA512

      75cfa51d7215d2e1ebdcb34311aa4f08351233fafc302ef3abff6ab456921f20705cd702b858a05b16d5ec4d0c7a2c94af32352c7fa017673eca2191a3283147

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{59C148A6-9F4C-4B1A-8362-7E9E022F1EC1}.FSD
      Filesize

      128KB

      MD5

      5c00ca975a6978de7ea50cf87405d8b0

      SHA1

      5e36532bae7a84f2b28c4ca489a5e5e667975dd9

      SHA256

      c3ea427ea9231409a9db48abf433342e03cd8a65b7172d89afa01147f3014e16

      SHA512

      1b3565bd07d1b3715f108b1c37ec81d599431d826e267fd073d576092f826d77f04227adc0c0c73510b07c760595cee953e671051e2756d03a4c9bb53c3b8ca7

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{243E3469-CD6D-4FE0-963F-170DEB20AB14}
      Filesize

      128KB

      MD5

      72a454d2bd07eaa09264e99d59c2d8d1

      SHA1

      5a6449fee19480d9244400cf032a01d287260897

      SHA256

      399bbfd99b01fb605379f8ea16a9b47e44b7cfe685030cea08101e584255b9bb

      SHA512

      21fde929c44e23f288e1c015b0d4f1e1e9d9f6c54a1cb3e4e15de8570f8639216068e27ff78fb20993b3a4300eb6a83a71b8ee3eed35b28533b6b81b40d9308c

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm
      Filesize

      20KB

      MD5

      b6397c95a87c15bff728b11c2b4fbff6

      SHA1

      ece1ca2398bf2ecbfc832c88da10135295e6b367

      SHA256

      dfdd6b267d5b696b1c75f8a441dcbe81a8ce890126bd4b3b9b891e94704cd35c

      SHA512

      75d1c7552a4503ad5022c7f9cec3320d768d0c1571dc61cf081355772a1e2977e4843a4f63bee9ca6ed3957e00ad803e1954702b53ebfcf1902ad6ce742a9da6

      Download Submit

    • memory/2072-0-0x000000002F021000-0x000000002F022000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2072-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2072-2-0x000000007138D000-0x0000000071398000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2072-68-0x000000007138D000-0x0000000071398000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2072-88-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2072-89-0x000000007138D000-0x0000000071398000-memory.dmp

      Filesize

      44KB

      Download