Analysis

  • max time kernel: 122s
  • max time network: 122s
  • platform: windows7_x64
  • resource: win7-20240220-en
  • resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted: 01/07/2024, 07:52

General

  • Target: 2d480c7b696975ed15cabc3709953ff3368ac88cdfcf66abd1841b1e8adbdceb.xls
  • Size: 937KB
  • MD5: 164264e2ceb6da7b3ae11866775265ff
  • SHA1: 9c9da77e7f7a76a516fa637949b27de2c9d5aa0d
  • SHA256: 2a52039539ab0065c4a4e00df362b3ce635b66573ac27d4565e9cc4ad13ec619
  • SHA512: e746038c144061927102976ee9fe7c2aba556d54cac5a760061bd470d263e250cb90b450c2a95ddfdfc1377bbf5ac611ad54831a44f6a0f9fb765fb5244bd6b3
  • SSDEEP: 12288:t0dNpa6ixtr4J3yefppeb5MwoiX9XA0p+fvKRvls99vtBo3l96We/cLwjEgvVcOf:t0J2D4J3yEoZ4aRebvXoVQWekbM

Score: 1/10

Malware Config

Signatures

  • Office loads VBA resources, possible macro or embedded object present
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (PID 2336)
    Command line: "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\2d480c7b696975ed15cabc3709953ff3368ac88cdfcf66abd1841b1e8adbdceb.xls
    Signatures triggered:
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C
    Filesize: 579B
    MD5: f55da450a5fb287e1e0f0dcc965756ca
    SHA1: 7e04de896a3e666d00e687d33ffad93be83d349e
    SHA256: 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0
    SHA512: 19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize: 70KB
    MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
    SHA1: 1723be06719828dda65ad804298d0431f6aff976
    SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
    SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C
    Filesize: 252B
    MD5: ff9f81cac1a09314ab3b40accd03432d
    SHA1: bb69f902ce79be3fb0dbe4ad8df7d1fd74f4cff1
    SHA256: 63d007e18e831ef4854df4bd1994f41aa59c14ff6cf205b30338c836b0b76b06
    SHA512: aecc55275b1aa586866634b648f2bb7857b9d857da1c2a06aa4ffabf9ed5c939be9d281d12f1fdaeb0eccad692af4c18cb35939a5882f3b26e47a7fa8664e156

  • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{9A12E7AA-E62B-4BF6-A305-367022449C8B}.FSD
    Filesize: 128KB
    MD5: 8f26aa62a752756d1d35607bd312dd58
    SHA1: 6b26cc91c969f8e2dadb4dfa910a153f6470a638
    SHA256: e4440895ff25ebbe90f7ae036c6b37297a067774c488b1876b8b6596f9463f54
    SHA512: 7453f33632f4981c8ed4f58edaaed68df36af35377c43e5a9e7ddd274eb31d682903bb739e4d06872ac4aca12572280a2d45ddc9b521727d85f4e540259a779f

  • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
    Filesize: 128KB
    MD5: 8602d052f0c6224916b672d0cbdb3173
    SHA1: d12f11098c5f20b4f7b66bf8f461b3d4d1d4ca3b
    SHA256: dee84cde170fb0af037bdbfc5a74a61d13272e9646552368d53c7c438251a6b0
    SHA512: 613c00f566ae367e7a8120be856f188344c57074aa0e79a015999404075e2724a3fb33153b0a4d86fccde874a404b40add1c443b19c548dfa5fd4bed92056506

  • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{EF38D149-56BA-4F38-B07D-07A180EB6A31}.FSD
    Filesize: 128KB
    MD5: 6cbb5418fb34d5fc2f3acbaf4f0de589
    SHA1: 09706ca3030c5d018aaab77f05e81d58d1b6e149
    SHA256: 2576173e66e257412c933be9d0a610608ebe8a75049cf224bb9dd2aaedaa0cb4
    SHA512: d3599e6f3599863611ab3d3dd95b613f0f941bbd1ed44121ef235e09cef3aa66f36d878a553baa003e86aa633c521c13b480e29e5cf192befbed64abf5e78265

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F35B4985.wmf
    Filesize: 642B
    MD5: 4f03b86e4d6631c26ff5fffc7332be1d
    SHA1: 14952a78ea51df67d5b5b6c6b4de3d96ba7935bd
    SHA256: 83f4ea26254d69825486bffd1d400217aac7245c5c48fe5acc3ccdea173c4851
    SHA512: 4bed29b66444d826e89589b55dd786758ff68fcd2daf8296703d4443edb991fffce563e20db22bfb34fdb488638bbb43252392b6c105d12e721329adc2774632

  • C:\Users\Admin\AppData\Local\Temp\Cab1883.tmp
    Filesize: 65KB
    MD5: ac05d27423a85adc1622c714f2cb6184
    SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
    SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
    SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar19B2.tmp
    Filesize: 181KB
    MD5: 4ea6026cf93ec6338144661bf1202cd1
    SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
    SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
    SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • C:\Users\Admin\AppData\Local\Temp\{CD2FD192-5D2B-447D-A7B0-1E011AC0554E}
    Filesize: 128KB
    MD5: f000918cd024af28363b388c8709e146
    SHA1: fe2169158dfdb2d3b1ded2ead4651f3d185ebed4
    SHA256: 7e752e9262a8d23837b84d2d72c67034791438d649a5c4317b4f247cee1edfe6
    SHA512: 136078ea3737cb298fa3784dea4528e749b2f7ab49d9abdb55d42d967b0201d0862c3c67aafed1827676772bf82af8711ae0e53926313589a4c16e90511c4d2b

  • memory/2336-400-0x00000000087B0000-0x00000000088B0000-memory.dmp (Filesize: 1024KB)
  • memory/2336-411-0x0000000009020000-0x0000000009220000-memory.dmp (Filesize: 2.0MB)
  • memory/2336-0-0x000000005FFF0000-0x0000000060000000-memory.dmp (Filesize: 64KB)
  • memory/2336-402-0x0000000009020000-0x0000000009220000-memory.dmp (Filesize: 2.0MB)
  • memory/2336-405-0x0000000009020000-0x0000000009220000-memory.dmp (Filesize: 2.0MB)
  • memory/2336-406-0x0000000009020000-0x0000000009220000-memory.dmp (Filesize: 2.0MB)
  • memory/2336-415-0x0000000009020000-0x0000000009220000-memory.dmp (Filesize: 2.0MB)
  • memory/2336-417-0x0000000009020000-0x0000000009220000-memory.dmp (Filesize: 2.0MB)
  • memory/2336-416-0x0000000009020000-0x0000000009220000-memory.dmp (Filesize: 2.0MB)
  • memory/2336-1-0x0000000071F8D000-0x0000000071F98000-memory.dmp (Filesize: 44KB)
  • memory/2336-409-0x0000000009020000-0x0000000009220000-memory.dmp (Filesize: 2.0MB)
  • memory/2336-410-0x0000000071F8D000-0x0000000071F98000-memory.dmp (Filesize: 44KB)
  • memory/2336-404-0x0000000009020000-0x0000000009220000-memory.dmp (Filesize: 2.0MB)
  • memory/2336-403-0x0000000009020000-0x0000000009220000-memory.dmp (Filesize: 2.0MB)
  • memory/2336-418-0x0000000009020000-0x0000000009220000-memory.dmp (Filesize: 2.0MB)
  • memory/2336-419-0x0000000009020000-0x0000000009220000-memory.dmp (Filesize: 2.0MB)
  • memory/2336-420-0x0000000009020000-0x0000000009220000-memory.dmp (Filesize: 2.0MB)