Analysis
- max time kernel: 46s
- max time network: 55s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/06/2024, 21:55
Behavioral task: behavioral1
- Sample: 1380f16dbe7bfd83d43dfa587e13464b49d09f059d70518e2f25346c506ea46a.xlsm
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: 1380f16dbe7bfd83d43dfa587e13464b49d09f059d70518e2f25346c506ea46a.xlsm
- Resource: win10v2004-20240508-en
General
- Target: 1380f16dbe7bfd83d43dfa587e13464b49d09f059d70518e2f25346c506ea46a.xlsm
- Size: 25KB
- MD5: 33619ba305f5e0fcb6ba652145f24770
- SHA1: dcabe0df00e2dd522da797f5edb3766d67c83ae5
- SHA256: 1380f16dbe7bfd83d43dfa587e13464b49d09f059d70518e2f25346c506ea46a
- SHA512: 974b4ac496f493e814ef031ad1cf84e22eb6ef9118865b74186e567328f1ef96c76fc3b572d63004e910b618db77b209c10f5e2a6f3aac03c442c7ff2b0d8bea
- SSDEEP: 384:0qeQi+mqMC9wD8CWS+GiNEu7ZrcIUeT7+ung8wnkiXWm2aMF+ioYRdQmXdJY:01QJnwD8CRHEfT7cxhMbdQubY
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
- Suspicious behavior: AddClipboardFormatListener (1 IoC)
  pid | Process
  4048 | EXCEL.EXE
- Suspicious use of SetWindowsHookEx (12 IoCs)
  pid | Process
  4048 | EXCEL.EXE (the same pid/process pair is listed 12 times)
Processes
- C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\1380f16dbe7bfd83d43dfa587e13464b49d09f059d70518e2f25346c506ea46a.xlsm"
  PID: 4048
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx