Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/07/2024, 08:06

General

  • Target

    2d480c7b696975ed15cabc3709953ff3368ac88cdfcf66abd1841b1e8adbdceb.xls

  • Size

    1.0MB

  • MD5

    6dbae00a9d861889f83e927acf149206

  • SHA1

    9e6f807967be8592453e49978a6114b95901ecf4

  • SHA256

    b33f170fe377a820bda4ec359f18044c1e1452385e737ff33a8e47c94cf1234b

  • SHA512

    46972fa60057a7f3c78e4335e9f848dca2e0f2ebef42c3128cac5a18b500a531e24a986b709a5995dc7b5162a4b8bd3d81738335fa7b46a0a3059eec50351ff5

  • SSDEEP

    12288:DCMdFhqCSBFbYJ3Kev5ZGbJMo4iP9HA8BuXvKBfFUl9v1RQ3l16WGWkut4webeet:eMp+7YJ3KcQ5IiBurvHQVoWG9h5

Score
1/10

Malware Config

Signatures

  • Office loads VBA resources, possible macro or embedded object present
  • Enumerates system info in registry (2 TTPs, 1 IoCs)
  • Modifies Internet Explorer settings (1 TTPs, 9 IoCs)
  • Modifies registry class (64 IoCs)
  • Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  • Suspicious use of SetWindowsHookEx (3 IoCs)

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\2d480c7b696975ed15cabc3709953ff3368ac88cdfcf66abd1841b1e8adbdceb.xls
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1692

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

    Filesize

    579B

    MD5

    f55da450a5fb287e1e0f0dcc965756ca

    SHA1

    7e04de896a3e666d00e687d33ffad93be83d349e

    SHA256

    31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0

    SHA512

    19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

    Filesize

    252B

    MD5

    474c097fc998da713b90d794b9b11d0a

    SHA1

    296058e683c7f9f42efac6c8193164185e662c7a

    SHA256

    119b1b6ae7629c1b8b48161e4dcd7180622434b44efe6134acdd804a5e06d13a

    SHA512

    934e92fce0ec63d53879dac1091a5c1c4744e71df586f2f0618147a277b161800fdb7262c9a1bd1e10b70677c04218c2327308f1c966dfddc7b8785d47e20c2e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    c284d30e8d8429d7aedc107ea919bbad

    SHA1

    4a65824fc34ff4ec8f3ed844cac381968997ca0f

    SHA256

    9b1f33f29642b567b6d3d6e0f38bab8b4508aeadc55258668655582cd4866a19

    SHA512

    4a69f817926c6f168ba64fdedc7ddf5280f15e89420421cb1d07db7e653352273311ee51b637a58ad044acc45477c59161eb395a23e1bb44bd1cbeec668e8c57

  • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{D2808127-0DD5-412F-9428-A600BAE494E8}.FSD

    Filesize

    128KB

    MD5

    e832fdbe3cc636bc9046a2aabb87e37e

    SHA1

    8380fd804d2fdd9980b9a03b26f71edb7afbb37f

    SHA256

    f42e10cef57f6e117fd3947f29efb29d0cc87e30c7ffa07ec1be2d4cc8ec9297

    SHA512

    bffcaf559b49a5d2b1e0ac6802ba7ce6c3ff7d2f5c5bfa9ece2bc4d0ca160ff63e2cbd435013a85435dba71933f4016a1e4f51c8bc8a83a2a67fc18375b72b31

  • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD

    Filesize

    128KB

    MD5

    9fba6e074fbade82b68f84d32e5a20b6

    SHA1

    5a1067c580e5216472bd9f05a3b00d2df9c2bb1a

    SHA256

    07f308f7baa4ce38ca0306d4911807bc148ca53ec201a4c318f34c5fa534fdc5

    SHA512

    000cc44e3bfc6a4791051cc613671c750d9b4fbcabfcc8241dade977abf3ab0ea843769fd621cb74912ad102a09f0d36b3608cefa4cb2eeea08937de7e66c5ef

  • C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{CDA73D21-E01D-427F-806A-28A428841512}.FSD

    Filesize

    128KB

    MD5

    177f4651c360494b230ca8d6cf46f72d

    SHA1

    3f58c2dfc12fab425b49307542751ffd595b938c

    SHA256

    ab7613de9826f303e2b06839db29cd2a410e5ce401daebb14aaa9927fe6703ab

    SHA512

    b71cea2d2b47b71d4b671ab111fa3333c81dc4cdf6e8c67db9e7bc07cf8db9c946de997f56a2157a6e34bae7fdf255dc8e6b1ee75ae01218e864518fbca41afc

  • C:\Users\Admin\AppData\Local\Temp\Cab2A7D.tmp

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\Tar2B6E.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • C:\Users\Admin\AppData\Local\Temp\{4940E51A-921B-461D-B53E-4CAC65996FD8}

    Filesize

    128KB

    MD5

    ada2781b6fdcd7dde2fec5f836d9cbca

    SHA1

    7e86f0bf22f07f82d2bcf2e59e0122465dd6d4ef

    SHA256

    774f0f8c2bd2f987603d3f9c5787ff12372671d6b0fff47cfb56c83a75d9c412

    SHA512

    f2e594fc25dbb1f34051ff87c1991bbab2dd991889246e2f928296f3db1153a48b10cecc4c09a2a9d5d511048d2a6614f694cf65145ef79c14fc1905949b009f

  • memory/1692-576-0x0000000009190000-0x0000000009290000-memory.dmp

    Filesize

    1024KB

  • memory/1692-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

  • memory/1692-1-0x000000007278D000-0x0000000072798000-memory.dmp

    Filesize

    44KB

  • memory/1692-276-0x000000007278D000-0x0000000072798000-memory.dmp

    Filesize

    44KB

  • memory/1692-590-0x000000000A000000-0x000000000A800000-memory.dmp

    Filesize

    8.0MB

  • memory/1692-592-0x000000000A000000-0x000000000A800000-memory.dmp

    Filesize

    8.0MB

  • memory/1692-591-0x000000000A000000-0x000000000A800000-memory.dmp

    Filesize

    8.0MB

  • memory/1692-593-0x000000000A000000-0x000000000A800000-memory.dmp

    Filesize

    8.0MB

  • memory/1692-594-0x000000000A000000-0x000000000A800000-memory.dmp

    Filesize

    8.0MB

  • memory/1692-595-0x000000000A000000-0x000000000A800000-memory.dmp

    Filesize

    8.0MB