Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    133s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/07/2024, 05:13

General

  • Target

    2d480c7b696975ed15cabc3709953ff3368ac88cdfcf66abd1841b1e8adbdceb.xls

  • Size

    1.0MB

  • MD5

    8c545dd587fa71f85835f947e6d85b14

  • SHA1

    995f48353255ab855f43fa73cfac360a5e88fedf

  • SHA256

    2d480c7b696975ed15cabc3709953ff3368ac88cdfcf66abd1841b1e8adbdceb

  • SHA512

    1f1dd436b8432f1f6b839eaa260ad724bbc21478680d094fc000af9794e3b0f606c9250c1d94f77c684d89be1d82cd204c5c488ccca703eb9ddb86c178795b6f

  • SSDEEP

    12288:nDMduhqCSBkbYJ3KeJ5ZSbJMo4iW9HA5BuXvKB/FU/9v4RQ3l16WGZHHv7iMnCdn:DMm+sYJ3KaT8IiBO1vIQVoWGVYD

Score
1/10

Malware Config

Signatures

  • Office loads VBA resources, possible macro or embedded object present
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\2d480c7b696975ed15cabc3709953ff3368ac88cdfcf66abd1841b1e8adbdceb.xls
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:348

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{1671E0D5-80D0-442F-8640-DB1E4C9B1811}.FSD

    Filesize

    128KB

    MD5

    414161392ebb18a116df7dee14716bd0

    SHA1

    36562d2a1f1183d6dd68f085fec6d650c675a530

    SHA256

    44aa960dd154eab4bf7ba3b165077a7caf05b40ddfe96542ca8893562557fd29

    SHA512

    68abcbe3d4155f36844a518efc0b8fb74782e69b3d3e752f6a9d65621df28ebda1304efab7a383638d9d46f9d041b842b6990c5daccc817bcb516d311cfccaa0

  • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD

    Filesize

    128KB

    MD5

    65b74d415fd404c9e0d5833634ba92c6

    SHA1

    1b553a8ba5b19c2046430c88dca08ede17a54962

    SHA256

    46a413555a62e3fba139a49e2f46220a5835cce9ce3ab5c73db53011fea44916

    SHA512

    c854b39740657597a6d15794d52c059df2f647d4518f8a7e0e7642af4cd316c9eeda0f257f3fa1b0bbbcc5596b416c28d6c2ff8a892b2a50632cfa6259e219d4

  • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{2054ADCD-A223-4758-A417-A11FC28978D7}.FSD

    Filesize

    128KB

    MD5

    14e863aa2aabab19db9a5bd366610e56

    SHA1

    84cd2a64661a48ffc71dd9e2c268b43e347aea1f

    SHA256

    019f18df349135587945137a5178239a521ab89e169b5e3c7b648d8c21624db1

    SHA512

    6c8b5df6f148023e42e89a239e03ab748447764eb0291e28ca26f866c9c4bf6baab3a5ce9b140a31da48ce5024bb0611821a70e1cc0fdffcd6f4cc1e9d8a1722

  • C:\Users\Admin\AppData\Local\Temp\{1300F50A-60A5-4831-92C6-808F0F0DB158}

    Filesize

    128KB

    MD5

    dc409a2a2ba57e876bab7269104640a2

    SHA1

    d8dc39170d516e413fd55636032d2aa7338b8f15

    SHA256

    5aa12c4b1ebd49f3f5810615701f189d53411d9cd3b47130bb3259a26d9cf9b1

    SHA512

    2d742ad2f57e7175b8018500b897754d33e230617e0caec36d79dfb9b0b60bc0595291855ae31398b770282718662668f016473ccd6ffd5a7303a5e8e20e455e

  • memory/348-73-0x0000000006350000-0x0000000006450000-memory.dmp

    Filesize

    1024KB

  • memory/348-76-0x0000000006350000-0x0000000006450000-memory.dmp

    Filesize

    1024KB

  • memory/348-70-0x00000000728DD000-0x00000000728E8000-memory.dmp

    Filesize

    44KB

  • memory/348-71-0x0000000008F20000-0x0000000009020000-memory.dmp

    Filesize

    1024KB

  • memory/348-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

  • memory/348-74-0x0000000006350000-0x0000000006450000-memory.dmp

    Filesize

    1024KB

  • memory/348-75-0x0000000006350000-0x0000000006450000-memory.dmp

    Filesize

    1024KB

  • memory/348-1-0x00000000728DD000-0x00000000728E8000-memory.dmp

    Filesize

    44KB

  • memory/348-77-0x0000000006350000-0x0000000006450000-memory.dmp

    Filesize

    1024KB

  • memory/348-78-0x0000000006350000-0x0000000006450000-memory.dmp

    Filesize

    1024KB

  • memory/348-82-0x0000000006350000-0x0000000006450000-memory.dmp

    Filesize

    1024KB

  • memory/348-87-0x0000000006350000-0x0000000006450000-memory.dmp

    Filesize

    1024KB

  • memory/348-86-0x0000000006350000-0x0000000006450000-memory.dmp

    Filesize

    1024KB

  • memory/348-88-0x0000000006350000-0x0000000006450000-memory.dmp

    Filesize

    1024KB