Analysis
- max time kernel: 120s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20240708-en
- resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
- submitted: 08/09/2024, 09:16
Static task
- static1

Behavioral tasks
- behavioral1: Sample cvery.comc345785355/Crack/hz-md3.exe, Resource win7-20240903-en
- behavioral2: Sample cvery.comc345785355/Crack/hz-md3.exe, Resource win10v2004-20240802-en
- behavioral3: Sample cvery.comc345785355/MD_3_Users_Guide.doc, Resource win7-20240708-en
- behavioral4: Sample cvery.comc345785355/MD_3_Users_Guide.doc, Resource win10v2004-20240802-en
- behavioral5: Sample cvery.comc345785355/Setup/MetaDraw_3_1_Install.exe, Resource win7-20240708-en
- behavioral6: Sample cvery.comc345785355/Setup/MetaDraw_3_1_Install.exe, Resource win10v2004-20240802-en
General
- Target: cvery.comc345785355/MD_3_Users_Guide.doc
- Size: 1.9MB
- MD5: 99b0e23de8e89a71eeada39894fc3171
- SHA1: dd59ca14ad12c52170c199c1d77fa22e39a812d7
- SHA256: 8bb4a4a2a6bbde823d99abf7ad17a3d20b4d549654d6dd8082caaaac8d7ec3f7
- SHA512: a15db1cdd02ed8f497ee492cead7697e4240286c1f7a8dc95047567e59aa8af6953f1715988a3e22964f975c715cc4fc99bddb34fe6aa384f2c5326df4d98fa7
- SSDEEP: 49152:b8At8PYjtQ+jgUTLdlIfSbLLLLLLLLLLL5:/I6bLLLLLLLLLLL
Malware Config
Signatures

- Drops file in Windows directory (1 IoC)
  description: File opened for modification
  ioc: C:\Windows\Debug\WIA\wiatrace.log
  Process: WINWORD.EXE

- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: WINWORD.EXE

- Office loads VBA resources, possible macro or embedded object present

- Suspicious behavior: AddClipboardFormatListener (1 IoC)
  pid: 2704, Process: WINWORD.EXE

- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid: 2704, Process: WINWORD.EXE
  pid: 2704, Process: WINWORD.EXE

- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2704 wrote to memory of 1964; pid: 2704; Process: WINWORD.EXE; procid_target: 30
  description: PID 2704 wrote to memory of 1964; pid: 2704; Process: WINWORD.EXE; procid_target: 30
  description: PID 2704 wrote to memory of 1964; pid: 2704; Process: WINWORD.EXE; procid_target: 30
  description: PID 2704 wrote to memory of 1964; pid: 2704; Process: WINWORD.EXE; procid_target: 30
Processes

- C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
  Command line: "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\cvery.comc345785355\MD_3_Users_Guide.doc"
  PID: 2704
  Signatures:
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  - C:\Windows\splwow64.exe (child of PID 2704)
    Command line: C:\Windows\splwow64.exe 12288
    PID: 1964
Network
MITRE ATT&CK Enterprise v15
Downloads