Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    126s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/07/2024, 07:52

General

  • Target
    2d480c7b696975ed15cabc3709953ff3368ac88cdfcf66abd1841b1e8adbdceb.xls
  • Size
    937KB
  • MD5
    164264e2ceb6da7b3ae11866775265ff
  • SHA1
    9c9da77e7f7a76a516fa637949b27de2c9d5aa0d
  • SHA256
    2a52039539ab0065c4a4e00df362b3ce635b66573ac27d4565e9cc4ad13ec619
  • SHA512
    e746038c144061927102976ee9fe7c2aba556d54cac5a760061bd470d263e250cb90b450c2a95ddfdfc1377bbf5ac611ad54831a44f6a0f9fb765fb5244bd6b3
  • SSDEEP
    12288:t0dNpa6ixtr4J3yefppeb5MwoiX9XA0p+fvKRvls99vtBo3l96We/cLwjEgvVcOf:t0J2D4J3yEoZ4aRebvXoVQWekbM

Score
1/10

Malware Config

Signatures

  • Office loads VBA resources, possible macro or embedded object present
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\2d480c7b696975ed15cabc3709953ff3368ac88cdfcf66abd1841b1e8adbdceb.xls
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:756

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize: 70KB
    MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
    SHA1: 1723be06719828dda65ad804298d0431f6aff976
    SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
    SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize: 1KB
    MD5: a266bb7dcc38a562631361bbf61dd11b
    SHA1: 3b1efd3a66ea28b16697394703a72ca340a05bd5
    SHA256: df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
    SHA512: 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize: 242B
    MD5: 0b54d1935a14caa2041e991c7bf5fab0
    SHA1: de6c6432546aa65675da6cb2de662440c42ec8e9
    SHA256: 6b20d38693920b656d6e963230f12ebe35cbfe9cd0e7cbb1413983fbc94d85ed
    SHA512: dabcb7235654058dcc8dc29efec5ff614c12758eecacc2a779df4f45847dc68b64cbeb915991b13942e94374bd9b855f6a7135a3523921f6f1a5d3885ca02883

  • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{DB5F3979-0BC1-441E-B8DE-E53C81610909}.FSD
    Filesize: 128KB
    MD5: 109fc51cd0748cb88ebad94c96c33f0a
    SHA1: 09f12ce67dba6f89288d2acaf5def713015c17e3
    SHA256: f5835716d548b9d3da2a81f769d069aa1378749056a32c7ae9e929da32c48130
    SHA512: 7e18d337e77a8cd8478d9134a35e282374074c76bf8c093b102626621fe1fa5d38872ea54602b77cdb2ea7f0d8a4ace36e8d1ba48b180dd066045ec989b7455b

  • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
    Filesize: 128KB
    MD5: 20ccbf9096d1eb26178e8c325316e62b
    SHA1: a5243e67defe20599a9e379c01c96ebb20d04058
    SHA256: a4842da6f2d276d587e1d3c7d4cf20cbb222f46d7d99b0b90457cb206d27d967
    SHA512: fd6d70ad0d57f4a90b59b896d77047646f93994d22548bc58bdfe4b4630d82ccce418184ac1e29f4d5719e5f2eb0996c186fe94d9f0a6d7a5fa010038dd76e72

  • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
    Filesize: 128KB
    MD5: 4bc236fec8e062319e22ee5d8036d6ce
    SHA1: 534638440a8bda9de95337af97a07566d7c52202
    SHA256: 3ced91e39c547c1e074cb0a441c6d1836dccfec31603100bd2d198413c6f70f6
    SHA512: 6ef46ea1146c6c548c442149eb69a94284ab86094ed99be86b42c24af73d0955299df7405586341556eb644c7a4497556067eb2eae7b8dad114ac1298da36ea2

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E2873D9.wmf
    Filesize: 642B
    MD5: 4f03b86e4d6631c26ff5fffc7332be1d
    SHA1: 14952a78ea51df67d5b5b6c6b4de3d96ba7935bd
    SHA256: 83f4ea26254d69825486bffd1d400217aac7245c5c48fe5acc3ccdea173c4851
    SHA512: 4bed29b66444d826e89589b55dd786758ff68fcd2daf8296703d4443edb991fffce563e20db22bfb34fdb488638bbb43252392b6c105d12e721329adc2774632

  • C:\Users\Admin\AppData\Local\Temp\Tar1B06.tmp
    Filesize: 181KB
    MD5: 4ea6026cf93ec6338144661bf1202cd1
    SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
    SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
    SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • C:\Users\Admin\AppData\Local\Temp\{09AE85F9-40E5-4D9C-9C17-C1BBBC44EBAC}
    Filesize: 128KB
    MD5: bfd33d3d17d4633397fce365646ba42b
    SHA1: 86e5e3767f24fa3e45978faf20b6c338044ab9d1
    SHA256: 73aec4bcd27c6dd7118db1b12a3572b9e1027d098577e745575239d68065d1c5
    SHA512: a24769ef24f5b24f85c403aaef68bf13655cfcef614ce14e27e1730f125cc2b0b13e89d0b9104022c2d04c99269121d1dc78c560d5e9edd0384a793c30b25291

  • memory/756-333-0x0000000007DA0000-0x0000000007FA0000-memory.dmp (Filesize: 2.0MB)
  • memory/756-344-0x0000000007DA0000-0x0000000007FA0000-memory.dmp (Filesize: 2.0MB)
  • memory/756-331-0x0000000008E50000-0x0000000008F50000-memory.dmp (Filesize: 1024KB)
  • memory/756-0-0x000000005FFF0000-0x0000000060000000-memory.dmp (Filesize: 64KB)
  • memory/756-336-0x0000000007DA0000-0x0000000007FA0000-memory.dmp (Filesize: 2.0MB)
  • memory/756-347-0x0000000007DA0000-0x0000000007FA0000-memory.dmp (Filesize: 2.0MB)
  • memory/756-346-0x0000000007DA0000-0x0000000007FA0000-memory.dmp (Filesize: 2.0MB)
  • memory/756-1-0x0000000072CCD000-0x0000000072CD8000-memory.dmp (Filesize: 44KB)
  • memory/756-341-0x0000000007DA0000-0x0000000007FA0000-memory.dmp (Filesize: 2.0MB)
  • memory/756-334-0x0000000007DA0000-0x0000000007FA0000-memory.dmp (Filesize: 2.0MB)
  • memory/756-335-0x0000000007DA0000-0x0000000007FA0000-memory.dmp (Filesize: 2.0MB)
  • memory/756-348-0x0000000072CCD000-0x0000000072CD8000-memory.dmp (Filesize: 44KB)
  • memory/756-349-0x0000000007DA0000-0x0000000007FA0000-memory.dmp (Filesize: 2.0MB)
  • memory/756-350-0x0000000007DA0000-0x0000000007FA0000-memory.dmp (Filesize: 2.0MB)
  • memory/756-351-0x0000000007DA0000-0x0000000007FA0000-memory.dmp (Filesize: 2.0MB)