Analysis
max time kernel: 149s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240412-en locale:en-us os:windows10-2004-x64 system
submitted: 26/04/2024, 07:34
Behavioral tasks
Behavioral task | Sample | Resource
behavioral1 | ڵʮղѧ2016�.doc | win7-20240221-en
behavioral2 | ڵʮղѧ2016�.doc | win10v2004-20240412-en
behavioral3 | ڵʮղѧ2016�.doc | win7-20240220-en
behavioral4 | ڵʮղѧ2016�.doc | win10v2004-20240412-en
behavioral5 | ڵʮղѧ2016�.docx | win7-20231129-en
behavioral6 | ڵʮղѧ2016�.docx | win10v2004-20240412-en
behavioral7 | ڵʮղѧ2016�.doc | win7-20240221-en
behavioral8 | ڵʮղѧ2016�.doc | win10v2004-20240226-en
behavioral9 | ڵʮղѧ2016�.docx | win7-20240221-en
behavioral10 | ڵʮղѧ2016�.docx | win10v2004-20240412-en
behavioral11 | ڵʮղѧ2016�.docx | win7-20240221-en
behavioral12 | ڵʮղѧ2016�.docx | win10v2004-20240412-en
behavioral13 | ڵʮղѧ2016�.docx | win7-20240221-en
behavioral14 | ڵʮղѧ2016�.docx | win10v2004-20240412-en
behavioral15 | ڵʮղѧ2016�.docx | win7-20240215-en
behavioral16 | ڵʮղѧ2016�.docx | win10v2004-20240412-en
General
Target: ڵʮղѧ2016�.doc
Size: 59KB
MD5: 4ddd475ceb35e3995dcec8d4bbc7bcea
SHA1: 97f401c012535e64338386440f64a573116463fc
SHA256: 7c31ac2fd9120e3a0163248135d93a8ae6a3e9da876899e98daa5795b2324a25
SHA512: cc23127e44c4bf3989dd6a7aecc88d88160f46a57ec5b40e5217f9e4671f413cd5d1955ec35ae1d49b6217a0eb67d1ddd574ccc2dd40b002598df97c7a8aae23
SSDEEP: 384:+UkkkkrzsBiYwHFkl5qDNynntJxYFIRiSZfI/PKRXySRPXYR0MODtz6AmcYFzX0n:+Q4BixFBY39APo60MC3YFTU
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener (2 IoCs)
pid | Process
4892 | WINWORD.EXE (2 identical entries)

Suspicious use of SetWindowsHookEx (16 IoCs)
pid | Process
4892 | WINWORD.EXE (16 identical entries)
Processes
Image: C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
Command line: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\ڵʮղѧ2016�.doc" /o ""
PID: 4892
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851227[[fn=sist02]].xsl
Filesize: 245KB