Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
123s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
26/07/2024, 21:21
General
-
Target
$PLUGINSDIR/DefaultTab_license.rtf
-
Size
14KB
-
MD5
b97839b3cfe1f7e62ef09d5a2815ed81
-
SHA1
e569ba28d4a88a6e23551b96b3cec0e710b99487
-
SHA256
f2c89065a00e08202756cb383d3092b685dcec2075314f494df71bf8ec01fd11
-
SHA512
227a2a1b5322dd183ca7463aec8613447b8670e97011e26286d2718571ca76a6206493aee2bb3c747bdd28892ee9820e3da58e3e69e0d42051e26b112aabc221
-
SSDEEP
384:ZrPL4Pgxpgc7u2ucXCN6CCnNA9NDrclFyLkH4A2:9Og3gwu2u3N6CCnNAfAjHS
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Office loads VBA resources, possible macro or embedded object present
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\DefaultTab_license.rtf"1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122882⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
19KB
MD54e385cbc55b8214ed9a524b09aef7821
SHA1c9ceadc37c12c0c4eb052f1cbaea0550adcdbdea
SHA2565e2a210383a45ce2c44cb3bad97fe227c1cc46721fd34f2a7e08849a72b9028d
SHA512aa42897dbf6dadb2f9048f3167f42b5b2f5d66966fcc792afdc3387c98358d17e61699e6a3144e1e28c24afcb03c28c5dbc1d5b66bc1378295c378f85cd14c8d
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
44KB
-
Filesize
44KB
-
Filesize
64KB