Analysis
- max time kernel: 41s
- max time network: 43s
- platform: windows7_x64
- resource: win7-20240705-en
- resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
- submitted: 15/08/2024, 02:45
Behavioral task
behavioral1
Sample
6ab4d37d9d6731c1f1945d2dfcd63450ba79920a5b6ca4542c0c95d5d8899d22.xls
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
6ab4d37d9d6731c1f1945d2dfcd63450ba79920a5b6ca4542c0c95d5d8899d22.xls
Resource
win10v2004-20240802-en
General
-
Target
6ab4d37d9d6731c1f1945d2dfcd63450ba79920a5b6ca4542c0c95d5d8899d22.xls
-
Size
64KB
-
MD5
ee6b26d24453826399ad46a8bbf4481e
-
SHA1
a3e57d3c86e656082d39bedcf66161ebec0a20b1
-
SHA256
6ab4d37d9d6731c1f1945d2dfcd63450ba79920a5b6ca4542c0c95d5d8899d22
-
SHA512
625d0cd975a54b40d2388a7f55b2bb1b39bfe87a0e9bb5c6c2a3c3c12b5019eff6404a4f4bfcac252480f88255b99a5150179c37bbbd5a9986526feadb6ed055
-
SSDEEP
1536:grxEtjPOtioVjDGUU1qfDlaGGx+cL2QnAUPdbQ44Oh0C:grxEtjPOtioVjDGUU1qfDlaGGx+cL2Qd
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened | ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Process: EXCEL.EXE
- Office loads VBA resources, possible macro or embedded object present
- Enumerates system info in registry (2 TTPs, 1 IoCs)
  description: Key opened | ioc: \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor | Process: EXCEL.EXE
- Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  pid: 1320 | Process: EXCEL.EXE
- Suspicious use of FindShellTrayWindow (2 IoCs)
  pid: 1320 | Process: EXCEL.EXE
  pid: 1320 | Process: EXCEL.EXE
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid: 1320 | Process: EXCEL.EXE
  pid: 1320 | Process: EXCEL.EXE
  pid: 1320 | Process: EXCEL.EXE
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\6ab4d37d9d6731c1f1945d2dfcd63450ba79920a5b6ca4542c0c95d5d8899d22.xls
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1320