Analysis
max time kernel: 51s
max time network: 52s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/08/2024, 21:40
Behavioral task behavioral1
Sample: caf382e68c15d63324bc42c21c891d7a6ece9b23f955d1b8e37c429073e9f566.xls
Resource: win7-20240704-en
Behavioral task behavioral2
Sample: caf382e68c15d63324bc42c21c891d7a6ece9b23f955d1b8e37c429073e9f566.xls
Resource: win10v2004-20240802-en
General
Target: caf382e68c15d63324bc42c21c891d7a6ece9b23f955d1b8e37c429073e9f566.xls
Size: 298KB
MD5: c060b4f9d6251f6e4d1fdf394d46b8d1
SHA1: 99c05aa7738182a0c272325f2bb73822ba76c956
SHA256: caf382e68c15d63324bc42c21c891d7a6ece9b23f955d1b8e37c429073e9f566
SHA512: 274ec8f96132ede2031ba0d2f1c20cad4218d4bb3038580926a70f0603f6973e0152f999c574ae68612367f77b663f25ec107643fcbb6344421de9306959e073
SSDEEP: 6144:/aEk3hOdsylKlgryzc4bNhZF+E+//gEDWTOI2CKMMiXn6xpK0J7dToItHQ/ePbA7:/a6W6xpK09dE
Malware Config
Signatures
Disables RegEdit via registry modification (1 IoCs)
  description | ioc | process
  Set value (int) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | EXCEL.EXE
Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
Modifies Internet Explorer start page (1 TTPs, 1 IoCs)
  description | ioc | process
  Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://3azu.taobao.com" | EXCEL.EXE
Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  pid | process
  868 | EXCEL.EXE
Suspicious use of SetWindowsHookEx (13 IoCs)
  pid | process
  868 | EXCEL.EXE (13 identical entries)
Processes
1. C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
   Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\caf382e68c15d63324bc42c21c891d7a6ece9b23f955d1b8e37c429073e9f566.xls"
   PID: 868
   Signatures:
   - Disables RegEdit via registry modification
   - Checks processor information in registry
   - Enumerates system info in registry
   - Modifies Internet Explorer start page
   - Suspicious behavior: AddClipboardFormatListener
   - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
1. Filesize: 2KB
   MD5: 63a99f0138b8b8db9b1ea7c49bf4b9fb
   SHA1: 20f81df4d9b710d478974e64c3f00f27504b454c
   SHA256: 516eb4fe006dadc0cc6074a99a6cf572e6141766335f8198b00a0067d512ac1f
   SHA512: c894d763c1b772a3fcc89683f3ce7c142069106efafaad39ba98f9368a7b79310f541d6fe1aceafee7d6272df75eae2879a5d426bbaebda299a1c5e5a08b25c5
2. Filesize: 302B
   MD5: 28d593471adaf398c30a72cd009d3b3b
   SHA1: b4e3c9b9fb57178ef4a147445fbde085c53cc420
   SHA256: e7e259e2475d24d00651d61b5083421d347ac6ac139f5507a14199c33154d27d
   SHA512: a2af2b123190e827a59ce46a3db476406fa094f746069d78384d0e11e8899af3af592572602460628572395544e896b3f6a19b5caaef3f706fc443be743082cd