Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
101s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
10/07/2024, 11:05
General
-
Target
$TEMP/license.rtf
-
Size
15KB
-
MD5
f40747061b98d7118f8fb6912cd33cc3
-
SHA1
388f41d9afd06fbd2ff34283ea90aa45e383e606
-
SHA256
4288bad47334871da0ded5dc39bc0d28facb14c37ba85ddc05b131fe81ab04ab
-
SHA512
85f5234667f7d21fb1ca826c8691106f0114cbd705e62bf7f7d5756a1ca65407f29c18f8d9de63687e3dd5e1178471c20bed4665491740953e648f309abc28dd
-
SSDEEP
192:doyiNUvCHjJnUCN2N6SmtwnssQrjSx/WRMVzSTfNrYEQxTHSridjypNoS6RVIQ8N:OyUkCUSOnss1x3Q0H3mpD6R+QDVhj4
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
-
Office loads VBA resources, possible macro or embedded object present
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\$TEMP\license.rtf"1⤵
- Drops file in Windows directory
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122882⤵
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
19KB
MD58d61bdf982a593c8956d9f6ec111e2b8
SHA189dbb42787ff2b00125108e44862c3428cff0f33
SHA256d3e9be6084427f04e8c335c63677920244de85448f59b48fb8323574c4c47d96
SHA5128066f876bb7e025dfca8c4043d9e6046e974454dcd3e8ba102626c789250e72359f68b58062cc303f6c41bc97b00f4bb04c884382ad053004a8f49dccbab8406
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
44KB
-
Filesize
44KB
-
Filesize
64KB