Analysis
-
max time kernel
33s -
max time network
37s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
10/05/2024, 02:03
Behavioral task
behavioral1
Sample
6b811a6692091634a736b5ea9f03d04db96405d716dda7ca37889aaaa85f636f.xls
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
6b811a6692091634a736b5ea9f03d04db96405d716dda7ca37889aaaa85f636f.xls
Resource
win10v2004-20240508-en
General
-
Target
6b811a6692091634a736b5ea9f03d04db96405d716dda7ca37889aaaa85f636f.xls
-
Size
70KB
-
MD5
df0bbfe23399b4784086dc329769547a
-
SHA1
7f979b981d4e31ed4f8f6346b2c22cbcb4d13ed5
-
SHA256
6b811a6692091634a736b5ea9f03d04db96405d716dda7ca37889aaaa85f636f
-
SHA512
9b6c0b9c58fbf47349bac81f6fafd4614753eafa2fd3d587c465a8fc8766b26b393ad8dab1234b818cd0ebdb863d2dca7b8bda9aa74e66df249980b819d48749
-
SSDEEP
1536:qU5xEtjPOtioVjDGUU1qfDlaGGx+cbqmj1Aa4RF6qXVBg1RLsAtzON0RC+:15xEtjPOtioVjDGUU1qfDlaGGx+cbqmP
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments (CPU frequency and model strings differ between virtual and physical hosts). In this run the reads are made by EXCEL.EXE itself (PID 312); no child process is recorded, so the signal should be weighed as context rather than as a verdict on its own.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid | Process
312 | EXCEL.EXE
-
Suspicious use of FindShellTrayWindow 2 IoCs
pid | Process
312 | EXCEL.EXE (2 identical rows, one per FindShellTrayWindow call)
-
Suspicious use of SetWindowsHookEx 13 IoCs
pid | Process
312 | EXCEL.EXE (13 identical rows, one per SetWindowsHookEx call)
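The two registry signatures above can be re-derived from any trace of registry operations. The following is an added worked example, not part of the tria.ge report or its signature engine: it classifies registry events into the "Checks processor information" and "Enumerates system info" signatures and renders the result in the report's own table layout. The events are constructed by hand to mirror the IoCs listed above. Key paths are compared case-insensitively because the trace mixes `Hardware\Description` and `HARDWARE\DESCRIPTION` for the same hive, and user-mode `HKLM\` paths (as Sysmon or Procmon would log them) are rewritten to the native `\REGISTRY\MACHINE` prefix so both forms compare equal. The value names seen in this report are `~MHz`, `ProcessorNameString`, `SystemFamily` and `SystemSKU`; the other names in the patterns (`Identifier`, `VendorIdentifier`, `SystemManufacturer`, `SystemProductName`, `BIOSVendor`) are sibling values under the same keys and are an assumption added here, not something this report recorded.

```python
"""Added example: re-derive the report's two registry signatures from a list
of registry events.  SAMPLE_EVENTS is constructed by hand to mirror the IoCs
in the report; nothing here is parsed from a real trace."""
import re
from collections import defaultdict

# Signature -> regexes over the normalised key path (upper-case, native
# \REGISTRY\MACHINE form).  Value names other than ~MHz, ProcessorNameString,
# SystemFamily and SystemSKU are sibling values added as an assumption.
SIGNATURES = {
    "Checks processor information in registry": [
        r"^\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\SYSTEM\\CENTRALPROCESSOR\\\d+"
        r"(\\(~MHZ|PROCESSORNAMESTRING|IDENTIFIER|VENDORIDENTIFIER))?$",
    ],
    "Enumerates system info in registry": [
        r"^\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\SYSTEM\\BIOS"
        r"(\\(SYSTEMFAMILY|SYSTEMSKU|SYSTEMMANUFACTURER|SYSTEMPRODUCTNAME|BIOSVENDOR))?$",
    ],
}

USER_MODE_PREFIXES = ("HKLM\\", "HKEY_LOCAL_MACHINE\\")


def normalize_key(path: str) -> str:
    """Upper-case the path, collapse doubled backslashes and rewrite a
    user-mode HKLM prefix to the kernel-style \\REGISTRY\\MACHINE prefix,
    so Sysmon/Procmon paths and native-API paths compare equal."""
    collapsed = re.sub(r"\\+", r"\\", path.strip())
    upper = collapsed.upper()
    for prefix in USER_MODE_PREFIXES:
        if upper.startswith(prefix):
            upper = "\\REGISTRY\\MACHINE\\" + upper[len(prefix):]
            break
    return upper


def match_signatures(events):
    """Return {signature: [(operation, key, process, pid), ...]} for every
    event whose normalised key matches one of that signature's patterns."""
    hits = defaultdict(list)
    for ev in events:
        key = normalize_key(ev["key"])
        for name, patterns in SIGNATURES.items():
            if any(re.match(pat, key) for pat in patterns):
                hits[name].append((ev["op"], ev["key"], ev["process"], ev["pid"]))
    return dict(hits)


def ioc_counts(events):
    """Per-signature IoC count, the number the report prints as 'N IoCs'."""
    return {name: len(rows) for name, rows in match_signatures(events).items()}


def render(events):
    """Render hits in the report's 'description | ioc | Process' layout."""
    lines = []
    for name, rows in match_signatures(events).items():
        lines.append(f"{name} {len(rows)} IoCs")
        lines.append("description | ioc | Process")
        for op, key, proc, _pid in rows:
            lines.append(f"{op} | {key} | {proc}")
    return "\n".join(lines)


# Constructed events mirroring the report's IoCs, plus one benign read that
# must not match (an Office install path under HKLM\SOFTWARE).
SAMPLE_EVENTS = [
    {"pid": 312, "process": "EXCEL.EXE", "op": "Key opened",
     "key": r"\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0"},
    {"pid": 312, "process": "EXCEL.EXE", "op": "Key value queried",
     "key": r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz"},
    {"pid": 312, "process": "EXCEL.EXE", "op": "Key value queried",
     "key": r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString"},
    {"pid": 312, "process": "EXCEL.EXE", "op": "Key opened",
     "key": r"\REGISTRY\MACHINE\Hardware\Description\System\BIOS"},
    {"pid": 312, "process": "EXCEL.EXE", "op": "Key value queried",
     "key": r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily"},
    {"pid": 312, "process": "EXCEL.EXE", "op": "Key value queried",
     "key": r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU"},
    {"pid": 312, "process": "EXCEL.EXE", "op": "Key value queried",
     "key": r"HKLM\SOFTWARE\Microsoft\Office\16.0\Common\InstallRoot\Path"},
]

if __name__ == "__main__":
    print(render(SAMPLE_EVENTS))
```

Run stand-alone it prints the same two tables as the report, with 3 IoCs each, and the HKLM\SOFTWARE read is ignored. When applying this to your own telemetry, record which process performed the reads: here it is the document host EXCEL.EXE with no spawned child, which is the same shape a benign workbook produces, so these signatures are useful for triage ordering rather than as a stand-alone conviction.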
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\6b811a6692091634a736b5ea9f03d04db96405d716dda7ca37889aaaa85f636f.xls"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:312
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
1KB
MD5 4e71977855743cc0322aa2f3412ed918
SHA1 549e2b5711be9077a5a59b0085f67b82c5b73c04
SHA256 2718786b2db5b07298c718113bc6f87490f7ea9aeb529c458349d274e023d6d8
SHA512 41aabe3895bc17cd73acc87f28b353e93791cd7edf2f7c61b141343c418ddc9cfd09cfa9289f2b37c7dd3f30c99e7e0e8364f7761ef6fcc705a13167e0582d49
-
Filesize
256B
MD5 c6b1a5f0fabb13661274b6680a92fb51
SHA1 fb4f7039b2ebec3cb4437d95d522525294cadccc
SHA256 3187033c928e0b968eba0b2ade93ae172fe40093bb6f99ac4b3f8a0d5fd506d1
SHA512 25138c9e45282406b41ed01d2dc97da4be0db6cb254b8bac28244990065264390c6514d163f95e32993d91d9c77366de8de26440f51ac873da7ac97feff0d221