Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel: 144s
  • max time network: 122s
  • platform: windows7_x64
  • resource: win7-20240419-en
  • resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted: 01/07/2024, 05:18

General

  • Target: 2d480c7b696975ed15cabc3709953ff3368ac88cdfcf66abd1841b1e8adbdceb.xls
  • Size: 1.0MB
  • MD5: 8c545dd587fa71f85835f947e6d85b14
  • SHA1: 995f48353255ab855f43fa73cfac360a5e88fedf
  • SHA256: 2d480c7b696975ed15cabc3709953ff3368ac88cdfcf66abd1841b1e8adbdceb
  • SHA512: 1f1dd436b8432f1f6b839eaa260ad724bbc21478680d094fc000af9794e3b0f606c9250c1d94f77c684d89be1d82cd204c5c488ccca703eb9ddb86c178795b6f
  • SSDEEP: 12288:nDMduhqCSBkbYJ3KeJ5ZSbJMo4iW9HA5BuXvKB/FU/9v4RQ3l16WGZHHv7iMnCdn:DMm+sYJ3KaT8IiBO1vIQVoWGVYD

Score
1/10

Malware Config

Signatures

  • Office loads VBA resources, possible macro or embedded object present
  • Enumerates system info in registry (2 TTPs, 1 IoC)
  • Modifies Internet Explorer settings (1 TTP, 31 IoCs)
  • Modifies registry class (64 IoCs)
  • Suspicious behavior: AddClipboardFormatListener (1 IoC)
  • Suspicious use of SetWindowsHookEx (3 IoCs)

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\2d480c7b696975ed15cabc3709953ff3368ac88cdfcf66abd1841b1e8adbdceb.xls
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:2284

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C
    Filesize: 579B
    MD5: f55da450a5fb287e1e0f0dcc965756ca
    SHA1: 7e04de896a3e666d00e687d33ffad93be83d349e
    SHA256: 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0
    SHA512: 19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize: 70KB
    MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
    SHA1: 1723be06719828dda65ad804298d0431f6aff976
    SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
    SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C
    Filesize: 252B
    MD5: e65ce0ccdc380be67c2ffd8768d38d1d
    SHA1: da74a165a263a08141656e95015e0d893ba11b1c
    SHA256: afd49673203c83810b05debf80a7ddb94a5ffd5fb1cf27efb31d90b8ab9ca6cc
    SHA512: 9715c15e4315f2623f91a8ba43b9632a5aac128e8d1973967fb208ffae136c3018e6a75bd98889fcac901d7d05adc01d49d8c2387210354e59546b123ef4a33e

  • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
    Filesize: 128KB
    MD5: 574d607c9f50ad5101180546f3babb6f
    SHA1: 4c2153569ab7465c0cff06736e06dc0254f1e179
    SHA256: af482a23942f975015891f10bb2543273132646321483682549d04c6ef4aa5ba
    SHA512: 003834df435ac68d49e11738b39574769695d8e4b300d3e2bce2ad7c014d8b45f4cae7a2ce8446c6e5b6e3d33d9dbe62fd0fc0934bce647139f4572654729aba

  • C:\Users\Admin\AppData\Local\Temp\Cab33DF.tmp
    Filesize: 68KB
    MD5: 29f65ba8e88c063813cc50a4ea544e93
    SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
    SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
    SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\Tar3492.tmp
    Filesize: 181KB
    MD5: 4ea6026cf93ec6338144661bf1202cd1
    SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
    SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
    SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • C:\Users\Admin\AppData\Local\Temp\{6D4AA6F6-035D-4DE5-A5C5-4E2F10A8BD5E}
    Filesize: 128KB
    MD5: ae192f71dd2f7eff570bf888ee711106
    SHA1: 1dc02894e4227b748f8e180ae43bc4ba7f925172
    SHA256: 3d8cde8b80e88da6a2074bf0c4b09a0556a1bc98f628ad016599ddfaeb5955c9
    SHA512: 0cd5cf312f5c56ea41010c33ea7cc8e6537e02ba38bac24a3260ed48b5d2c1f4869eb1a239d1b5bf93a16687105595d60b315e172266bb5d43893a2e13e0e7eb

  • memory/2284-528-0x00000000092A0000-0x00000000093A0000-memory.dmp (Filesize: 1024KB)
  • memory/2284-538-0x0000000007D90000-0x0000000007F90000-memory.dmp (Filesize: 2.0MB)
  • memory/2284-527-0x0000000071E0D000-0x0000000071E18000-memory.dmp (Filesize: 44KB)
  • memory/2284-0-0x000000005FFF0000-0x0000000060000000-memory.dmp (Filesize: 64KB)
  • memory/2284-530-0x0000000007D90000-0x0000000007F90000-memory.dmp (Filesize: 2.0MB)
  • memory/2284-532-0x0000000007D90000-0x0000000007F90000-memory.dmp (Filesize: 2.0MB)
  • memory/2284-533-0x0000000007D90000-0x0000000007F90000-memory.dmp (Filesize: 2.0MB)
  • memory/2284-1-0x0000000071E0D000-0x0000000071E18000-memory.dmp (Filesize: 44KB)
  • memory/2284-539-0x0000000007D90000-0x0000000007F90000-memory.dmp (Filesize: 2.0MB)
  • memory/2284-544-0x0000000007D90000-0x0000000007F90000-memory.dmp (Filesize: 2.0MB)
  • memory/2284-543-0x0000000007D90000-0x0000000007F90000-memory.dmp (Filesize: 2.0MB)
  • memory/2284-537-0x0000000007D90000-0x0000000007F90000-memory.dmp (Filesize: 2.0MB)
  • memory/2284-531-0x0000000007D90000-0x0000000007F90000-memory.dmp (Filesize: 2.0MB)
  • memory/2284-545-0x0000000007D90000-0x0000000007F90000-memory.dmp (Filesize: 2.0MB)
  • memory/2284-546-0x0000000007D90000-0x0000000007F90000-memory.dmp (Filesize: 2.0MB)