Analysis
- max time kernel: 46s
- max time network: 47s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
- submitted: 15/08/2024, 21:58
Behavioral task
behavioral1
Sample
8df9697abdb0ae23bcb71e6db3f24a156250a14504ffadac6e372719ddf664fc.xls
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
8df9697abdb0ae23bcb71e6db3f24a156250a14504ffadac6e372719ddf664fc.xls
Resource
win10v2004-20240802-en
General
- Target: 8df9697abdb0ae23bcb71e6db3f24a156250a14504ffadac6e372719ddf664fc.xls
- Size: 58KB
- MD5: 04fee1ae34e42e23969adcd45a1b1329
- SHA1: 9f49efc37f720fa3f5a4d295e025c748f3ec01f2
- SHA256: 8df9697abdb0ae23bcb71e6db3f24a156250a14504ffadac6e372719ddf664fc
- SHA512: 6469df1e7e9645da6ff9cf310f6daf97291d0452769989b0c7608413267f5c1346ead1d20935fefa4f9b3a93c6585134896abf253b7d84499ef95d7a984489d4
- SSDEEP: 384:iQGZ8hWC/9zihXcDiXfGcXkp2iS9yFH0zAV3yaU3ejCnPny7zNc//yjYZOnAx3dy:iFIzihXcDiZXkpDeAZZhG//7m+s
Malware Config
Signatures
- Checks processor information in registry 2 TTPs 3 IoCs
  Processor information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
- Enumerates system info in registry 2 TTPs 3 IoCs
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
- Suspicious behavior: AddClipboardFormatListener 1 IoCs
  pid | Process
  3224 | EXCEL.EXE
- Suspicious use of SetWindowsHookEx 13 IoCs
  pid | Process
  3224 | EXCEL.EXE (13 identical entries)
Processes
- C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\8df9697abdb0ae23bcb71e6db3f24a156250a14504ffadac6e372719ddf664fc.xls"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3224
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
  Filesize: 2KB
  MD5: 33ad8b7e46306e277a3a7665486b8e6b
  SHA1: 9af1e809e4d8651fc79e01b0117b6736d6b17d2c
  SHA256: 5af609a1cbf5256ba27dee1532159ebe2266a135e41df8339f84a264108bd70d
  SHA512: 6b6078ee28fe0379f16e987cc3fbc7701cdbfee3e50744b4fce44589f63b193adcb7fbd8993f09893e9d6b05e11e0c84a12d2ec32b4ac860f92b3368faeb35ec