Analysis
- max time kernel: 61s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240705-en
- resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
- submitted: 09/07/2024, 08:05
Static task: static1
Behavioral task: behavioral1
- Sample: citat-05012024.xls
- Resource: win7-20240705-en
- 4 signatures
- 150 seconds
General
- Target: citat-05012024.xls
- Size: 220KB
- MD5: 43dd16c631684179012c5b8b8901eedd
- SHA1: 18b14169273a97afaafa201394d39cd799800af5
- SHA256: 3bed1c2adfd863d75072ad0310f339b494c21e9421504431476be9bdfdfc2476
- SHA512: d3020e09923246f930c7f55828770642503c3c9f803ba2acca362cbb7424c1026f5f8aa2ca31d19cacd530c0bfb50e2e8de8770b4e3fa3e5b8ea5880281cf69d
- SSDEEP: 6144:w0Lf5C7SIcnnc47LjdPM6DsGImZT0U/FQ9RIQkefyBfNK:w0LfE7Anc2j6ondQM2yNNK
Score: 1/10
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 1 IoCs)
- description: Key opened; ioc: \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor; Process: EXCEL.EXE
Modifies Internet Explorer settings
- description: Key created; ioc: \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main; Process: EXCEL.EXE
Suspicious behavior: AddClipboardFormatListener (1 IoCs)
- pid: 600; Process: EXCEL.EXE
Suspicious use of SetWindowsHookEx (3 IoCs)
- pid: 600; Process: EXCEL.EXE
- pid: 600; Process: EXCEL.EXE
- pid: 600; Process: EXCEL.EXE
Processes
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
Command line: "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\citat-05012024.xls
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID: 600