Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

6b811a6692...6f.xls

windows7-x64

1

6b811a6692...6f.xls

windows10-2004-x64

1

Analysis

  • max time kernel
    24s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    10/05/2024, 02:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6b811a6692091634a736b5ea9f03d04db96405d716dda7ca37889aaaa85f636f.xls

  • Size

    70KB

  • MD5

    df0bbfe23399b4784086dc329769547a

  • SHA1

    7f979b981d4e31ed4f8f6346b2c22cbcb4d13ed5

  • SHA256

    6b811a6692091634a736b5ea9f03d04db96405d716dda7ca37889aaaa85f636f

  • SHA512

    9b6c0b9c58fbf47349bac81f6fafd4614753eafa2fd3d587c465a8fc8766b26b393ad8dab1234b818cd0ebdb863d2dca7b8bda9aa74e66df249980b819d48749

  • SSDEEP

    1536:qU5xEtjPOtioVjDGUU1qfDlaGGx+cbqmj1Aa4RF6qXVBg1RLsAtzON0RC+:15xEtjPOtioVjDGUU1qfDlaGGx+cbqmP

Score
1/10

Malware Config

Signatures

  • Office loads VBA resources, possible macro or embedded object present
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\6b811a6692091634a736b5ea9f03d04db96405d716dda7ca37889aaaa85f636f.xls
    1⤵
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2460

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\VBED2.tmp
    Filesize

    1KB

    MD5

    4e71977855743cc0322aa2f3412ed918

    SHA1

    549e2b5711be9077a5a59b0085f67b82c5b73c04

    SHA256

    2718786b2db5b07298c718113bc6f87490f7ea9aeb529c458349d274e023d6d8

    SHA512

    41aabe3895bc17cd73acc87f28b353e93791cd7edf2f7c61b141343c418ddc9cfd09cfa9289f2b37c7dd3f30c99e7e0e8364f7761ef6fcc705a13167e0582d49

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
    Filesize

    49B

    MD5

    ed5186f836f07817f000cb7925640ebb

    SHA1

    bf16103293eaa80b587673b6d07c43fc151a4312

    SHA256

    ad9476ca02e09b209b35062f2b9d1e564e55be23f0f342d903471aab644971d1

    SHA512

    13697db79690e62b3416ddfc75ffdfe46b057322cb9d4698aca2c19169e5aed2c8264c118018b96fc6d6410be7bab0a17a5863b4cea3689516c964d9ff485db3

    Download Submit

  • memory/2460-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2460-1-0x00000000727BD000-0x00000000727C8000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2460-6-0x00000000064C0000-0x00000000065C0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2460-9-0x00000000064C0000-0x00000000065C0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2460-31-0x00000000727BD000-0x00000000727C8000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2460-32-0x00000000064C0000-0x00000000065C0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2460-33-0x00000000064C0000-0x00000000065C0000-memory.dmp

    Filesize

    1024KB

    Download