Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

3c43c27332...ab.xls

windows7-x64

1

3c43c27332...ab.xls

windows10-2004-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/04/2024, 10:08 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3c43c273329967a735e5a2775edfa84f195e15492262b5a3fde0bad3a2e3eeab.xls

  • Size

    3.9MB

  • MD5

    0bccf4196b3aaaf8a0b16f64f52bf58f

  • SHA1

    11b77825fc60ce2ca222e490e1472ffc02f34f85

  • SHA256

    3c43c273329967a735e5a2775edfa84f195e15492262b5a3fde0bad3a2e3eeab

  • SHA512

    a9e6c0388f6b136d1b0a1a09bd524fe2cd25d74432e6878d4f9db1979a334287dd0055fa5b0959cadc9239ef67decefddbd44b099aa4088049c38f01d7763e45

  • SSDEEP

    12288:+OuUfY7WD8FmMgQMgwH4NysUrZhCNPnMquXoTocXsKbLC+vAptFm07gqB8FEbvpJ:X8F2EeoMqucXNbcHFRgqhjvv3jFdRj

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\3c43c273329967a735e5a2775edfa84f195e15492262b5a3fde0bad3a2e3eeab.xls"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:4480

Network

  • flag-us
    DNS
    46.28.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    46.28.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    72.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    72.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    91.90.14.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    91.90.14.23.in-addr.arpa
    IN PTR
    Response
    91.90.14.23.in-addr.arpa
    IN PTR
    a23-14-90-91deploystaticakamaitechnologiescom
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-nl
    GET
    https://www.bing.com/th?id=OADD2.10239368050262_1H4FJCNTCWVEV5UPC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    Remote address:
    23.62.61.96:443
    Request
    GET /th?id=OADD2.10239368050262_1H4FJCNTCWVEV5UPC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
    host: www.bing.com
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-type: image/png
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    content-length: 1678
    date: Tue, 16 Apr 2024 10:08:58 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.5c3d3e17.1713262138.1326b0df
  • flag-us
    DNS
    96.61.62.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    96.61.62.23.in-addr.arpa
    IN PTR
    Response
    96.61.62.23.in-addr.arpa
    IN PTR
    a23-62-61-96deploystaticakamaitechnologiescom
  • flag-us
    DNS
    26.73.42.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.73.42.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    26.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.173.189.20.in-addr.arpa
    IN PTR
    Response
  • 23.62.61.96:443
    https://www.bing.com/th?id=OADD2.10239368050262_1H4FJCNTCWVEV5UPC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    tls, http2
    1.5kB
     7.0kB
     17
    13

    HTTP Request

    GET https://www.bing.com/th?id=OADD2.10239368050262_1H4FJCNTCWVEV5UPC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

    HTTP Response

    200
  • 8.8.8.8:53
    46.28.109.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    46.28.109.52.in-addr.arpa

  • 8.8.8.8:53
    72.32.126.40.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    72.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    91.90.14.23.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    91.90.14.23.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    96.61.62.23.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    96.61.62.23.in-addr.arpa

  • 8.8.8.8:53
    26.73.42.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    26.73.42.20.in-addr.arpa

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    26.173.189.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    26.173.189.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4480-0-0x00007FFDCB990000-0x00007FFDCB9A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4480-1-0x00007FFDCB990000-0x00007FFDCB9A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4480-2-0x00007FFE0B910000-0x00007FFE0BB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4480-3-0x00007FFDCB990000-0x00007FFDCB9A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4480-4-0x00007FFE0B910000-0x00007FFE0BB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4480-6-0x00007FFE0B910000-0x00007FFE0BB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4480-5-0x00007FFDCB990000-0x00007FFDCB9A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4480-7-0x00007FFDCB990000-0x00007FFDCB9A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4480-8-0x00007FFE0B910000-0x00007FFE0BB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4480-9-0x00007FFE0B910000-0x00007FFE0BB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4480-11-0x00007FFDC94A0000-0x00007FFDC94B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4480-12-0x00007FFE0B910000-0x00007FFE0BB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4480-10-0x00007FFE0B910000-0x00007FFE0BB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4480-13-0x00007FFE0B910000-0x00007FFE0BB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4480-14-0x00007FFDC94A0000-0x00007FFDC94B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4480-15-0x00007FFE0B910000-0x00007FFE0BB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4480-16-0x00007FFE0B910000-0x00007FFE0BB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4480-17-0x00007FFE0B910000-0x00007FFE0BB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4480-18-0x00007FFE0B910000-0x00007FFE0BB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4480-19-0x00007FFE0B910000-0x00007FFE0BB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4480-20-0x00007FFE0B910000-0x00007FFE0BB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4480-21-0x00007FFE0B910000-0x00007FFE0BB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4480-23-0x00007FFE0B910000-0x00007FFE0BB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4480-22-0x00007FFE0B910000-0x00007FFE0BB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4480-32-0x00007FFE0B910000-0x00007FFE0BB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4480-33-0x00007FFE0B910000-0x00007FFE0BB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4480-48-0x00007FFDCB990000-0x00007FFDCB9A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4480-49-0x00007FFDCB990000-0x00007FFDCB9A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4480-50-0x00007FFDCB990000-0x00007FFDCB9A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4480-51-0x00007FFDCB990000-0x00007FFDCB9A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4480-52-0x00007FFE0B910000-0x00007FFE0BB05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4480-53-0x00007FFE0B910000-0x00007FFE0BB05000-memory.dmp

    Filesize

    2.0MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.