Analysis
- max time kernel: 56s
- max time network: 57s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15/08/2024, 21:56
Behavioral task
behavioral1
Sample
069623567e5c8dbd25193aedebbeaefbdac0cf3f8c4a2a9a876ec52879bd682f.xls
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
069623567e5c8dbd25193aedebbeaefbdac0cf3f8c4a2a9a876ec52879bd682f.xls
Resource
win10v2004-20240802-en
General
- Target: 069623567e5c8dbd25193aedebbeaefbdac0cf3f8c4a2a9a876ec52879bd682f.xls
- Size: 59KB
- MD5: c70b0884965887cd464d06b3b3f9137d
- SHA1: 9bde25a79063e3624ba9dc3699713526f3c8b903
- SHA256: 069623567e5c8dbd25193aedebbeaefbdac0cf3f8c4a2a9a876ec52879bd682f
- SHA512: cfa67afae1c00658cd012dd314884475fdd338439ff07cbb9e333cf47fe133a173c80d21eeb3c627c9ca975a958151d88947ef040d197df3a7043409c1ec546a
- SSDEEP: 768:QF5zihXcDiZXkpteAZWbG//PjGs+za86H:czihcDiy2AL/PjKza86H
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.

  | description | ioc | Process |
  | --- | --- | --- |
  | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE |
  | Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE |
  | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE |

- Enumerates system info in registry (2 TTPs, 3 IoCs)

  | description | ioc | Process |
  | --- | --- | --- |
  | Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE |
  | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE |
  | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE |

- Suspicious behavior: AddClipboardFormatListener (1 IoCs)

  | pid | Process |
  | --- | --- |
  | 4712 | EXCEL.EXE |

- Suspicious use of SetWindowsHookEx (12 IoCs)

  | pid | Process |
  | --- | --- |
  | 4712 | EXCEL.EXE (listed 12 times) |

Processes
- C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\069623567e5c8dbd25193aedebbeaefbdac0cf3f8c4a2a9a876ec52879bd682f.xls"
  PID: 4712
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx