Analysis
max time kernel: 47s
max time network: 33s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/09/2024, 22:11
Static task: static1
Behavioral task: behavioral1
  Sample: 4a113cd5595f0bf827e6642a2edefb02d337668486fa7beeeed9bb66fbe8f141.doc
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 4a113cd5595f0bf827e6642a2edefb02d337668486fa7beeeed9bb66fbe8f141.doc
  Resource: win10v2004-20240802-en
General
Target: 4a113cd5595f0bf827e6642a2edefb02d337668486fa7beeeed9bb66fbe8f141.doc
Size: 52KB
MD5: e127fdcf56e6dd228e287ba311c3ed9a
SHA1: aba9f5937b2ba4d354a58acdc5e05765b48513f0
SHA256: 4a113cd5595f0bf827e6642a2edefb02d337668486fa7beeeed9bb66fbe8f141
SHA512: 473df90fba221098729838f068c3eae9f6ae73877d618c9b59029fd135b1d9e7e9d7c8112bf4b2c915448d4455051d9529d8b723d2ec43902729e3b1cf89d09b
SSDEEP: 384:tjOyjHDONt8ekfqVIbuazZyGcSxwAjLi6cpVYnbH/qp2D2xz99OTd0jrnHt6dmei:tVIt8NqVQHzvfy4ecD2xz99OpU
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
  description       | ioc                                                                        | Process
  Key opened        | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0            | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz       | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                          | Process
  Key opened        | \REGISTRY\MACHINE\Hardware\Description\System\BIOS           | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU    | WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener (2 IoCs)
  pid  | Process
  4200 | WINWORD.EXE (2 occurrences)

Suspicious use of SetWindowsHookEx (13 IoCs)
  pid  | Process
  4200 | WINWORD.EXE (13 occurrences)
Processes

Path: C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
Command line: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\4a113cd5595f0bf827e6642a2edefb02d337668486fa7beeeed9bb66fbe8f141.doc" /o ""
PID: 4200
Signatures:
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads

File 1
  Filesize: 262KB
  MD5: 51d32ee5bc7ab811041f799652d26e04
  SHA1: 412193006aa3ef19e0a57e16acf86b830993024a
  SHA256: 6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97
  SHA512: 5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

File 2
  Filesize: 16B
  MD5: d29962abc88624befc0135579ae485ec
  SHA1: e40a6458296ec6a2427bcb280572d023a9862b31
  SHA256: a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866
  SHA512: 4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f

File 3
  Path: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
  Filesize: 1KB
  MD5: f9d2b23f9b366e6f9d5a3e46abff5892
  SHA1: 7c204d153dd1a57c8b2d01b28b35b07d3a4f16ff
  SHA256: ecc2dbaf4834f09bafa99f4d6b6daf522c3689ace0d6a02ecf74dfd109bacdfd
  SHA512: 60aee5c0a338b7fe859cc62aaf677dd356b30e5bfc52b4da8c37cb5d611609de3a9600d7a3219cc1e78b3b1b834aa9fcc374a0dd24d20c9dddb65afa1d3e7a03