Analysis
  max time kernel:  58s
  max time network: 61s
  platform:         windows10-2004_x64
  resource:         win10v2004-20240611-en
  resource tags:    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  submitted:        29/06/2024, 21:39
Behavioral task: behavioral1
  Sample:   a895af1eb0916b0ad5af483c4414aaf531460d5292b48a7fec5df0686e9f22eb.xlsm
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample:   a895af1eb0916b0ad5af483c4414aaf531460d5292b48a7fec5df0686e9f22eb.xlsm
  Resource: win10v2004-20240611-en
General
  Target: a895af1eb0916b0ad5af483c4414aaf531460d5292b48a7fec5df0686e9f22eb.xlsm
  Size:   92KB
  MD5:    aef078e96fd1e19e5e73bde5f82af492
  SHA1:   23fcb09bd4bc6aad2841dce652672d27883ab468
  SHA256: a895af1eb0916b0ad5af483c4414aaf531460d5292b48a7fec5df0686e9f22eb
  SHA512: 38c78c4f929064dd873361e854baf88c12665eb32aae56e7a53764637b0568725521e5a311771d8eab1e71729eb5b0fbe169b9be86e04bd0a4028bfca0597dd1
  SSDEEP: 1536:CguZCa6S5khUIU1AlZl6o4znOSjhLM+vGa/M1NIpPkUlB7583fjncFYIIkFf:CgugapkhlGcaPjpM+d/Ms8ULavLcF
Malware Config
Signatures
  Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
    description        ioc                                                                          Process
    Key opened         \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0              EXCEL.EXE
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz         EXCEL.EXE
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  EXCEL.EXE

  Enumerates system info in registry (2 TTPs, 3 IoCs)
    description        ioc                                                                          Process
    Key opened         \REGISTRY\MACHINE\Hardware\Description\System\BIOS                           EXCEL.EXE
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily              EXCEL.EXE
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU                 EXCEL.EXE

  Suspicious behavior: AddClipboardFormatListener (1 IoC)
    pid   Process
    1228  EXCEL.EXE

  Suspicious use of SetWindowsHookEx (12 IoCs)
    pid   Process
    1228  EXCEL.EXE  (12 occurrences)
Processes
  EXCEL.EXE (PID 1228)
    Path:         C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\a895af1eb0916b0ad5af483c4414aaf531460d5292b48a7fec5df0686e9f22eb.xlsm"
    Signatures:
      - Checks processor information in registry
      - Enumerates system info in registry
      - Suspicious behavior: AddClipboardFormatListener
      - Suspicious use of SetWindowsHookEx

  msedge.exe (PID 2444)
    Path:         C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4404,i,15316930299780304231,7592852768794498680,262144 --variations-seed-version --mojo-platform-channel-handle=1036 /prefetch:8