
Analysis

  • max time kernel
    119s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/06/2024, 11:36

General

  • Target

    PROMO 2024 BON DE COMMANDE VIERGE.docx

  • Size

    46KB

  • MD5

    7413cefd287767696f3e3c9937fd4abd

  • SHA1

    ce64570302dca0fefd2ecb178041753918a10ea3

  • SHA256

    2e646e7fce0d263c8b4f05acb9c4603d1e53b47a86e6c6bec06771ef449b851e

  • SHA512

    b350b01c09a65f80c4b5ffb53acbf3748cfb8a9d4018d75e4d02ad04501831c988c52764c0c5bb93fbd8186b6eca8e0dcebef323007fe1d7f57e84f94f18d637

  • SSDEEP

    768:ap52vMusdC4ATOS4YrmRuUFhZwHwGreMFpTnLSzpjmZaiWQm5Qc+V5WN6:aL2rsdCPOVYrmRhFkQGrelVijbJc+O6

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\PROMO 2024 BON DE COMMANDE VIERGE.docx"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2968

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm

      Filesize

      20KB

      MD5

      9cbf2bda74b9f3ef88750a9f372ce9a1

      SHA1

      bfc0814488deec524806011bdc84f64ec225a2de

      SHA256

      cc1fee8108b1f3c1d78c2be0c7002cf90db0c27954035e55e4c6be6775803615

      SHA512

      92093a4719ba6a5be81430b71d126022a02b043ae0bcfca28ccdcfcde07f53e12eb99cbce09ccf250d41351f1ebf4d1c6818b0067b8d950528116b68677400a7

    • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryFR040c.lex

      Filesize

      2B

      MD5

      f3b25701fe362ec84616a93a45ce9998

      SHA1

      d62636d8caec13f04e28442a0a6fa1afeb024bbb

      SHA256

      b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

      SHA512

      98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

    • memory/1732-0-0x000000002FD01000-0x000000002FD02000-memory.dmp

      Filesize

      4KB

    • memory/1732-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

    • memory/1732-2-0x000000007165D000-0x0000000071668000-memory.dmp

      Filesize

      44KB

    • memory/1732-23-0x000000007165D000-0x0000000071668000-memory.dmp

      Filesize

      44KB

    • memory/1732-46-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB