Analysis
max time kernel: 46s
max time network: 41s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/08/2024, 21:59
Behavioral task: behavioral1
Sample: 3df3b88851509cec4316cd5ceed53b732b7e2fa936dc5632b3f5693a97e86018.xls
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 3df3b88851509cec4316cd5ceed53b732b7e2fa936dc5632b3f5693a97e86018.xls
Resource: win10v2004-20240802-en
General
Target: 3df3b88851509cec4316cd5ceed53b732b7e2fa936dc5632b3f5693a97e86018.xls
Size: 58KB
MD5: b2fca4c22d0163ac2b494be2d4ad04de
SHA1: 1b21837517b204811f524e5e7a0e00169ddbaa56
SHA256: 3df3b88851509cec4316cd5ceed53b732b7e2fa936dc5632b3f5693a97e86018
SHA512: 16ce288a1931cfc24c0f2769887540b3d2a00305852b726a6e17585085d19f187c29c922d20a2c4e9e3ee483cbab27c9e956c7855332ecb89ea34ca712482764
SSDEEP: 384:mQGZ8h1C/9zihXcDiXfGcXkp2iS9yFVY0zAV3yqCBIjCnPny7zNc//yjYZEnAx32:mF5zihXcDiZXkpaeAZpbG//ZEGA
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description        ioc                                                                                   Process
Key opened         \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0                      EXCEL.EXE
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz                 EXCEL.EXE
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  EXCEL.EXE

Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                              Process
Key opened         \REGISTRY\MACHINE\Hardware\Description\System\BIOS               EXCEL.EXE
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily  EXCEL.EXE
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU     EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener (1 IoCs)
pid  Process
116  EXCEL.EXE

Suspicious use of SetWindowsHookEx (12 IoCs)
pid  Process
116  EXCEL.EXE  (x12)
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\3df3b88851509cec4316cd5ceed53b732b7e2fa936dc5632b3f5693a97e86018.xls"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:116