Analysis
- max time kernel: 46s
- max time network: 34s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15/08/2024, 22:01
Behavioral task: behavioral1
- Sample: db418bfef8a70e60cf51eec07ecbcacc8e5e37d8ce65d6756629b1a4f39fb00d.xls
- Resource: win7-20240729-en
Behavioral task: behavioral2
- Sample: db418bfef8a70e60cf51eec07ecbcacc8e5e37d8ce65d6756629b1a4f39fb00d.xls
- Resource: win10v2004-20240802-en
General
- Target: db418bfef8a70e60cf51eec07ecbcacc8e5e37d8ce65d6756629b1a4f39fb00d.xls
- Size: 58KB
- MD5: 4399099c290f42006173d1437954ef47
- SHA1: 39af346327928ef887e6d3f300c142b4ca63a7a9
- SHA256: db418bfef8a70e60cf51eec07ecbcacc8e5e37d8ce65d6756629b1a4f39fb00d
- SHA512: dd91efa6ff0c200a6766cb8c2af6690012818eb02d0ca67f2079ae8e3a9399ef0f9510f98109558f23421310a55867de1174d5e213e1b59d1d1078a9540108d0
- SSDEEP: 384:jQGZ8hWC/9zihXcDiXfGcXkp2iS9yFH0zAV3yaU3ejCnPny7zNc//yjYZOnAx3dy:jFIzihXcDiZXkpDeAZZhG//7m+s
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
- Suspicious behavior: AddClipboardFormatListener (1 IoC)
  pid | Process
  3320 | EXCEL.EXE
- Suspicious use of SetWindowsHookEx (13 IoCs)
  pid | Process
  3320 | EXCEL.EXE (13 occurrences)
Processes
- C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\db418bfef8a70e60cf51eec07ecbcacc8e5e37d8ce65d6756629b1a4f39fb00d.xls"
  PID: 3320
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
  Filesize: 1KB
  MD5: 463eb3baa7c10b1c2265b79029de37e8
  SHA1: 9178342d010d552d1531babe490806506323d6e1
  SHA256: 0d19c99d35781cb5b895991df95531ebf3de778f81ced39a84063fb857c0515a
  SHA512: 4203832f73742691f8bf9a378cc17fc1b5851d3c888d98fcaddc7fbf25324f0bb7a30d7a7644b3292d3f938f354f3ba8c303f9c0c399bd3bb308c222edaf5296