Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 47s
- max time network: 36s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15/08/2024, 22:02
Behavioral task behavioral1
- Sample: ba8f984d13c58fe745f8e184f7c74cd07d9e38273b6c730780da93e36b3dfd0f.xls
- Resource: win7-20240708-en
Behavioral task behavioral2
- Sample: ba8f984d13c58fe745f8e184f7c74cd07d9e38273b6c730780da93e36b3dfd0f.xls
- Resource: win10v2004-20240802-en
General
- Target: ba8f984d13c58fe745f8e184f7c74cd07d9e38273b6c730780da93e36b3dfd0f.xls
- Size: 58KB
- MD5: b8aa95fdf62ea915bbf17ae13d405db0
- SHA1: 4ae7a1950f237cf0145eeac56d2df887a629eb9c
- SHA256: ba8f984d13c58fe745f8e184f7c74cd07d9e38273b6c730780da93e36b3dfd0f
- SHA512: d46906ba200800d6b989391ad96590c319555f90fd608a5cd02c8ae98b8ca45cef8971fe9e3a4a2dc233b32a3c5901ff4c464f6336cb912b63e0845010fc1ad6
- SSDEEP: 384:XQGZ8hWC/9zihXcDiXfGcXkp2iS9yFH0zAV3yaU3ejCnPny7zNc//yjYZOnAx3dy:XFIzihXcDiZXkpDeAZZhG//7m+s
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description / ioc / process:
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (EXCEL.EXE)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (EXCEL.EXE)
  - Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (EXCEL.EXE)
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description / ioc / process:
  - Key opened: \REGISTRY\MACHINE\Hardware\Description\System\BIOS (EXCEL.EXE)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily (EXCEL.EXE)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU (EXCEL.EXE)
- Suspicious behavior: AddClipboardFormatListener (1 IoC)
  pid / process:
  - 4120 EXCEL.EXE
- Suspicious use of SetWindowsHookEx (13 IoCs)
  pid / process:
  - 4120 EXCEL.EXE (13 occurrences, all from the same process)
Processes
- C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\ba8f984d13c58fe745f8e184f7c74cd07d9e38273b6c730780da93e36b3dfd0f.xls"
  PID: 4120
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
  - Filesize: 2KB
  - MD5: 806ec04f907f65883e395630e8617883
  - SHA1: 70de40c6b364421e0ca8d2405996a3bda1330282
  - SHA256: 2df4a50e9a0552aacac56a4a3adecf28f93e504ba640b851ae7a88e119c772ae
  - SHA512: d75ac30b4ea932c36ba0b566c80327a96fab90c5dfb928ce21540881f786d499db89735a13340ae7d039733f0b0a9f04b7774d365f0ea972f1ffb9a798909224