Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
27/06/2024, 16:25
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.RTF.Obfuscated-gen.21705.397.rtf
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.RTF.Obfuscated-gen.21705.397.rtf
Resource
win10v2004-20240611-en
General
-
Target
SecuriteInfo.com.RTF.Obfuscated-gen.21705.397.rtf
-
Size
29KB
-
MD5
d29a0860dbddda39a297fb825ce90aa5
-
SHA1
04864b8ebe1f46e0021f416e7aa0a4e780560360
-
SHA256
6ba048d9b21161036e112e2b70482816bc595361c423327659f7e2a4256d8759
-
SHA512
735d082b44cfd366d51e70aa339796a173d788cf680117b8572d676bbc77894320cfc95e6f01c8079f8856172858bda822267425464a0313169c9b633649f7e8
-
SSDEEP
384:146yQ410YTsesBjgCqqHOyeyNmaPOQfk5MiSUwxl4lt/R40mm:14uXY1LlyIaPu5MiS+
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString WINWORD.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU WINWORD.EXE -
Suspicious behavior: AddClipboardFormatListener 2 IoCs
pid Process 224 WINWORD.EXE 224 WINWORD.EXE -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 224 WINWORD.EXE 224 WINWORD.EXE 224 WINWORD.EXE 224 WINWORD.EXE 224 WINWORD.EXE 224 WINWORD.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.RTF.Obfuscated-gen.21705.397.rtf" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:224
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
262KB
MD551d32ee5bc7ab811041f799652d26e04
SHA1412193006aa3ef19e0a57e16acf86b830993024a
SHA2566230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97
SHA5125fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810