Analysis

  • max time kernel
    144s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/07/2024, 08:05

General

  • Target
    2d480c7b696975ed15cabc3709953ff3368ac88cdfcf66abd1841b1e8adbdceb.xls
  • Size
    1.0MB
  • MD5
    8c545dd587fa71f85835f947e6d85b14
  • SHA1
    995f48353255ab855f43fa73cfac360a5e88fedf
  • SHA256
    2d480c7b696975ed15cabc3709953ff3368ac88cdfcf66abd1841b1e8adbdceb
  • SHA512
    1f1dd436b8432f1f6b839eaa260ad724bbc21478680d094fc000af9794e3b0f606c9250c1d94f77c684d89be1d82cd204c5c488ccca703eb9ddb86c178795b6f
  • SSDEEP
    12288:nDMduhqCSBkbYJ3KeJ5ZSbJMo4iW9HA5BuXvKB/FU/9v4RQ3l16WGZHHv7iMnCdn:DMm+sYJ3KaT8IiBO1vIQVoWGVYD

Score
1/10

Malware Config

Signatures

  • Office loads VBA resources, possible macro or embedded object present
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\2d480c7b696975ed15cabc3709953ff3368ac88cdfcf66abd1841b1e8adbdceb.xls
    PID:1368
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C
    Filesize: 579B
    MD5: f55da450a5fb287e1e0f0dcc965756ca
    SHA1: 7e04de896a3e666d00e687d33ffad93be83d349e
    SHA256: 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0
    SHA512: 19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize: 70KB
    MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
    SHA1: 1723be06719828dda65ad804298d0431f6aff976
    SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
    SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize: 1KB
    MD5: a266bb7dcc38a562631361bbf61dd11b
    SHA1: 3b1efd3a66ea28b16697394703a72ca340a05bd5
    SHA256: df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
    SHA512: 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C
    Filesize: 252B
    MD5: 0a7dc9926dadf2ee6185c527d3e49094
    SHA1: f683d47523eb19ca10304f3f6aab94402851013b
    SHA256: 7f7e82cec3b2b769c3f3fa976ea4707b7fa4a41e434dca6a7adfcf77824de905
    SHA512: d27715f4d0746cfd6aaf118ea4c8e24be48be61b529388990d957782e4686aea60782151cd45d35914902644e6b711ab96c0e4149d668778254d8875809c7987

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize: 242B
    MD5: f8116dc7959ba1362c64d1be7654d54c
    SHA1: e7aee9fadffbe2eb586dde3ee7e44e37b73348e2
    SHA256: 4de0f27b7952b569499c315f141bc4636e32540d23aa199375fe4c3001fa881f
    SHA512: 3d7063087d769e9f93d73404c87410a771d45963f4814c6d9490c87b61bf3a9f2127e2c7efd6f9c09273125b9bd3843ab738ed73ee0e4e82b3b2def21059bb09

  • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{B569DCE1-1270-4372-988A-C798556B2299}.FSD
    Filesize: 128KB
    MD5: d6bf04274fff562c01b8a409019e772c
    SHA1: f650a6ee4dab4f89035db259473e539c9cc8440e
    SHA256: fde82143689a0cb2e80e8eee8649348457ade9cc58a03b09c4c3c26392b4c377
    SHA512: f59d4fff6ac5f43679c0b705f8505f16e427221d18dd18f9c09fde174f8ccc46d193b4ca58681fc5b8e647d170f5b021cd9289f7de6e8f43126e6829eea31421

  • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
    Filesize: 128KB
    MD5: b42afc9bc9590f95c97e68320d254633
    SHA1: bc9c51f38c0e2e186a41ec6f123d88cabeb87fac
    SHA256: 7f2f8c8e192474cc9597eb3432213059dc65b94c260413456d43407a1ab898d9
    SHA512: 1ec9cf57e1d707c235a491e11e08174dc38fbc0ca0e74fba2a8b755699ae139b2353d5797ba6b7fcf9aa5703a406d3424aed522857ab821be5eca0a3c451b15d

  • C:\Users\Admin\AppData\Local\Temp\Tar1B44.tmp
    Filesize: 181KB
    MD5: 4ea6026cf93ec6338144661bf1202cd1
    SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
    SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
    SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • C:\Users\Admin\AppData\Local\Temp\{155401B7-E3BC-4983-950B-7D35E577BC09}
    Filesize: 128KB
    MD5: 215d9a8f41dac107694c79794f7a4a62
    SHA1: b023c0d8fbd65469357bec53fbe5c08ae58466b4
    SHA256: 71fe5857c5384ea4e9e32d636b6b8f4d0af20d8cab8b34032f04a270adb51f29
    SHA512: bf0fd1bc92a0ca2181dec416ed16b0db544c7794694f547f1dbf0646c5f3fee8a64aca667a0c26ac3b438c81e373a3d7b79727a30b8941b82a8398dc67b99586

  • memory/1368-644-0x0000000009F50000-0x000000000A750000-memory.dmp
    Filesize: 8.0MB
  • memory/1368-1-0x0000000071D4D000-0x0000000071D58000-memory.dmp
    Filesize: 44KB
  • memory/1368-630-0x0000000009090000-0x0000000009190000-memory.dmp
    Filesize: 1024KB
  • memory/1368-0-0x000000005FFF0000-0x0000000060000000-memory.dmp
    Filesize: 64KB
  • memory/1368-645-0x0000000009F50000-0x000000000A750000-memory.dmp
    Filesize: 8.0MB
  • memory/1368-646-0x0000000009F50000-0x000000000A750000-memory.dmp
    Filesize: 8.0MB
  • memory/1368-647-0x0000000071D4D000-0x0000000071D58000-memory.dmp
    Filesize: 44KB
  • memory/1368-648-0x0000000009F50000-0x000000000A750000-memory.dmp
    Filesize: 8.0MB
  • memory/1368-649-0x0000000009F50000-0x000000000A750000-memory.dmp
    Filesize: 8.0MB
  • memory/1368-650-0x0000000009F50000-0x000000000A750000-memory.dmp
    Filesize: 8.0MB