Analysis

  • max time kernel
    144s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/07/2024, 05:17

General

  • Target

    2d480c7b696975ed15cabc3709953ff3368ac88cdfcf66abd1841b1e8adbdceb.xls

  • Size

    1.0MB

  • MD5

    8c545dd587fa71f85835f947e6d85b14

  • SHA1

    995f48353255ab855f43fa73cfac360a5e88fedf

  • SHA256

    2d480c7b696975ed15cabc3709953ff3368ac88cdfcf66abd1841b1e8adbdceb

  • SHA512

    1f1dd436b8432f1f6b839eaa260ad724bbc21478680d094fc000af9794e3b0f606c9250c1d94f77c684d89be1d82cd204c5c488ccca703eb9ddb86c178795b6f

  • SSDEEP

    12288:nDMduhqCSBkbYJ3KeJ5ZSbJMo4iW9HA5BuXvKB/FU/9v4RQ3l16WGZHHv7iMnCdn:DMm+sYJ3KaT8IiBO1vIQVoWGVYD

Score
1/10

Malware Config

Signatures

  • Office loads VBA resources, possible macro or embedded object present
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\2d480c7b696975ed15cabc3709953ff3368ac88cdfcf66abd1841b1e8adbdceb.xls
    1⤵
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:836

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

    Filesize

    579B

    MD5

    f55da450a5fb287e1e0f0dcc965756ca

    SHA1

    7e04de896a3e666d00e687d33ffad93be83d349e

    SHA256

    31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0

    SHA512

    19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

    Filesize

    252B

    MD5

    fedb07fcf7ba07703fc5c2fb10cb5bf4

    SHA1

    95f2284dd26da0bb40d040373891899f9299f783

    SHA256

    6d3bb074dbd675e0e2fd7c76258f74c52a333910027d2caa787da56675452980

    SHA512

    4f2e706e99ce3971bc62d023465cd08313681f9ae1af99cf1d2894b4a41a2db6afa551131f64d8868e0c2164cbed4e1689a295eb2de394d6e06a1846be1de980

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    04ac0e8b0365e6847d5cf36fee9d519d

    SHA1

    0f0bdcc97b2ddeb49becb911d2482d2065cad53e

    SHA256

    195f70639778fd01ad75173fd26d4d8848a7133346c754a3cf31d83e8e4e741c

    SHA512

    04f64a41926fd3377b5b68e7b90fe0ab57b6f9ceee3e44b35f50b89b4ca1aa9dd584fd158f2cf5746ff68206d551f0c8e7145d689afde5b8b272712b826e900e

  • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{766B8828-1B85-4F8E-A902-3BE0CFA4C719}.FSD

    Filesize

    128KB

    MD5

    d67b06bd5256815954e4846f3d97a0fd

    SHA1

    5dfd5d76b26a25d7d1f11cabed53e2ea0c9720ca

    SHA256

    d5ccd15ad61ac611600202074896fb343e04fbe8e2c25366f03ec10f0bd3378d

    SHA512

    4b733e4e4eab41df6385f27697bbdd4bb5decea11e0a3b0d1e9f7b384c9c606fe6e1dc9e1c604263f25932d7eba7437821c34f59461972c9b1076a0305700fe8

  • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD

    Filesize

    128KB

    MD5

    effd273e31b365c50f795dbcaef63eca

    SHA1

    d2629422060946a8ec78a39545e52ffbbb57b1ac

    SHA256

    f71cb65d2dede33f087ea4efe3749bf4047d2ede8414dffb0be6da78840e4be3

    SHA512

    4972f22b9a7ee2a62f96c6d43013d33731651032588fcfb116958cce3e4721390a9ea34b240ab046dd61d0a147d88bf6261f29e25114a40ba1909a50a878d41b

  • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{D6C68E75-CEDE-4776-B86F-A28FCF5F98B1}.FSD

    Filesize

    128KB

    MD5

    a527f6987b9f90a584028db4ab5c9ae5

    SHA1

    d3eb1c5e837c2e724f035fb63239e8d6ff989a96

    SHA256

    b20753ec5fd001a79530da1b69517b2693aa1a71673d2669cca8e5baf026dc9c

    SHA512

    716f4815d463aa34837039ae96639e9acd67fa275f12223473545edd2490227b358ddf248b49836cbc70b5b59d166d44d978611f56bb2d3e8ce3cb3a558b9b99

  • C:\Users\Admin\AppData\Local\Temp\TarBCA1.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • C:\Users\Admin\AppData\Local\Temp\{BE6EC19B-A7CF-4AA1-AF76-784D9F066877}

    Filesize

    128KB

    MD5

    598ab2d7ce4085951c04f8df01d66e1c

    SHA1

    33491d9008929793d43e2b0371dc38731c735cb0

    SHA256

    96bddef97817fb47436797d105e3457bb94a5fdb2d7afa762f0a88549f786518

    SHA512

    945600b58b2e85d73144090cb8ac2c249b8e0ad79886eb5a3e444ad67a8530aa2f16d1689e198f4c0f2a2bb7d8cdc4cb5c6191db90b9c541c40ff0f14c319526

  • memory/836-595-0x00000000094D0000-0x00000000098D0000-memory.dmp

    Filesize

    4.0MB

  • memory/836-13-0x00000000720FD000-0x0000000072108000-memory.dmp

    Filesize

    44KB

  • memory/836-1-0x00000000720FD000-0x0000000072108000-memory.dmp

    Filesize

    44KB

  • memory/836-580-0x0000000008C00000-0x0000000008D00000-memory.dmp

    Filesize

    1024KB

  • memory/836-583-0x00000000094D0000-0x00000000098D0000-memory.dmp

    Filesize

    4.0MB

  • memory/836-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

  • memory/836-594-0x00000000094D0000-0x00000000098D0000-memory.dmp

    Filesize

    4.0MB

  • memory/836-596-0x00000000094D0000-0x00000000098D0000-memory.dmp

    Filesize

    4.0MB

  • memory/836-584-0x00000000094D0000-0x00000000098D0000-memory.dmp

    Filesize

    4.0MB

  • memory/836-590-0x00000000094D0000-0x00000000098D0000-memory.dmp

    Filesize

    4.0MB

  • memory/836-585-0x00000000094D0000-0x00000000098D0000-memory.dmp

    Filesize

    4.0MB

  • memory/836-582-0x00000000094D0000-0x00000000098D0000-memory.dmp

    Filesize

    4.0MB

  • memory/836-597-0x00000000094D0000-0x00000000098D0000-memory.dmp

    Filesize

    4.0MB