Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/07/2024, 07:57

General

  • Target

    2d480c7b696975ed15cabc3709953ff3368ac88cdfcf66abd1841b1e8adbdceb.xls

  • Size

    937KB

  • MD5

    f7e66c3cf52bfe85a4ec9898a9ba0a99

  • SHA1

    77ab144618b4176089eaca219297a820042d3bb5

  • SHA256

    defda2d3f9b4046bd5a3d95f4aeff3c5472068ae881702d229351810b6078ebb

  • SHA512

    60e992ea42a0cdfea2806df312bac4f3e0449a474f99c33aa0ba80cf4dc2a864cf7c613ef82aad290ea75887d72172522e9959e2b7b1e3df6d84f910e534d015

  • SSDEEP

    12288:t0dNpa6ixtr4J3yefppeb5MwoiX9XA0p+fvKRvls99vtBo3l96We/clwjEgvVcOz:t0J2D4J3yEoZ4aRebvXoVQWek1s

Score
1/10

Malware Config

Signatures

  • Office loads VBA resources, possible macro or embedded object present
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\2d480c7b696975ed15cabc3709953ff3368ac88cdfcf66abd1841b1e8adbdceb.xls
    1⤵
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1732

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

    Filesize

    579B

    MD5

    f55da450a5fb287e1e0f0dcc965756ca

    SHA1

    7e04de896a3e666d00e687d33ffad93be83d349e

    SHA256

    31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0

    SHA512

    19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

    Filesize

    252B

    MD5

    0771859f27fb7674ff04003fb9353059

    SHA1

    3fdd8546ced4a67913e4586828d2fbeb23878945

    SHA256

    7bd6977780c8fd4892b8ba7c522e05ab5933bf1e43ee12a28d2803d32977e5d3

    SHA512

    2edaf9d4d65436aa6981e62ef33568e6ad30ffe3490292be550bec346a4bc596bb62fb323738ca9635fc17a754cbf2df0d82efaae4e5815e69c34308b01107c1

  • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{6BB76CB6-476F-47BB-AC36-EAF211C92974}.FSD

    Filesize

    128KB

    MD5

    0c64145377ecb5772e328c653fcb5960

    SHA1

    984f2531f887857a546dbaed2cb03cd963ae0654

    SHA256

    556cf7e0070ce2ec9f9d7c3b5c9a77868498ffbea308f1d83d65afa82650c94b

    SHA512

    7a37ff16acb57659c0b4013f9fa8d5e688b22226cc83750243d9ba21b2d5c50b64e8b33549747ef90e771fbd026503485d43f1ef4ac85a2efc3cc6ca269d071c

  • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD

    Filesize

    128KB

    MD5

    2ca8919ece5d2a67ea08cd33337ef62f

    SHA1

    0c9b2451e2b942d0b8083bd710ef53cb274a62a2

    SHA256

    01879f4be662e370d77abf328970d10806a082cf1c1de316dfc319b83023d1ca

    SHA512

    e0ac390b585733e04780ab7a63c1b902de1bde308ce477eff8fcd2d07a5dc9d5b0e41c7d4dd18bf25ae0bb0fb7d08381f98b99d768d519cc8e5e7c224856f463

  • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD

    Filesize

    128KB

    MD5

    483b2aec24733f71a718f3a8f5be3a0c

    SHA1

    7462f5b1e8d3e4198142240e1d316e1eff2b47c1

    SHA256

    8ca9a3f2479517c59b6b0bf6a708ff57f688735aa14197af7fe6607abf71c8d6

    SHA512

    4c18da356c272297b271207ffa75b63a7f81d6d70c2c45b5aaee717c32dd9ec57a3d665b9076dd67711442ece2016dab20eacd61a1ac6173606865af3d5f17a4

  • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{E7C4A9A0-8A25-4062-A94D-F0F9354B3E51}.FSD

    Filesize

    128KB

    MD5

    8cee8d9ec30f9b72cdee138212010d5d

    SHA1

    1e02ddad83b1c61df33cd380a1d5fcad35f14b91

    SHA256

    6a626f64ed1ade20f670114020ace7072c883c208441ba21971cb8115e1bcb0c

    SHA512

    eec3095a031eed9d6e62ae3167b48b4c7c253a38af31cc61cadc5065dae1973f446282b40b2bc8f41ba1ed43bcc2a204a713ef01f463a799baab0edcf3a92aeb

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DC746291.wmf

    Filesize

    642B

    MD5

    4f03b86e4d6631c26ff5fffc7332be1d

    SHA1

    14952a78ea51df67d5b5b6c6b4de3d96ba7935bd

    SHA256

    83f4ea26254d69825486bffd1d400217aac7245c5c48fe5acc3ccdea173c4851

    SHA512

    4bed29b66444d826e89589b55dd786758ff68fcd2daf8296703d4443edb991fffce563e20db22bfb34fdb488638bbb43252392b6c105d12e721329adc2774632

  • C:\Users\Admin\AppData\Local\Temp\Cab1C69.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar1DC8.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • C:\Users\Admin\AppData\Local\Temp\{C0369603-A0B0-46F0-B36B-FAD88D18EF12}

    Filesize

    128KB

    MD5

    20c5b94e1e4aed9f631ae03dd4e46ddf

    SHA1

    e9bfefb7705760691e5bc67389ac378ba19d3fda

    SHA256

    1d3d7f6f52d2c425eb86ca8118b230711d67038cacde68a2eacaaca097f3d0b5

    SHA512

    7b8150341e96f29f0961b78f4e65804754dff14b56384324ab07724eb8ec8c7095fb97a0fe4b6fe551d58ce611f33cc17748f8c085a68182626389704ab3c5ba

  • memory/1732-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

  • memory/1732-1-0x0000000071B7D000-0x0000000071B88000-memory.dmp

    Filesize

    44KB

  • memory/1732-527-0x0000000008630000-0x0000000008730000-memory.dmp

    Filesize

    1024KB

  • memory/1732-541-0x0000000009E40000-0x000000000A640000-memory.dmp

    Filesize

    8.0MB

  • memory/1732-542-0x0000000009E40000-0x000000000A640000-memory.dmp

    Filesize

    8.0MB

  • memory/1732-543-0x0000000009E40000-0x000000000A640000-memory.dmp

    Filesize

    8.0MB

  • memory/1732-544-0x0000000071B7D000-0x0000000071B88000-memory.dmp

    Filesize

    44KB

  • memory/1732-545-0x0000000009E40000-0x000000000A640000-memory.dmp

    Filesize

    8.0MB

  • memory/1732-546-0x0000000009E40000-0x000000000A640000-memory.dmp

    Filesize

    8.0MB