Analysis
max time kernel: 133s
max time network: 139s
platform: windows10-1703_x64
resource: win10-20240611-en
resource tags: arch:x64, arch:x86, image:win10-20240611-en, locale:en-us, os:windows10-1703-x64, system
submitted: 28/09/2024, 22:53
Static task
static1
Behavioral task
behavioral1
Sample
Siparis_17.xls
Resource
win10-20240611-en
Behavioral task
behavioral2
Sample
Siparis_17.xls
Resource
win10v2004-20240802-en
General
Target: Siparis_17.xls
Size: 116KB
MD5: 9e3cc5eacda911d2da86fa35fc49a73e
SHA1: b3b61ae6eb61d9b713b6cfb3a2185bc07d23dfa5
SHA256: 288eeeefb4798cc91a55f1bf73a81f961f96dc81439c3f0bce526a7597194888
SHA512: 5363944c4039f0cf6c25e2144847f3f0d225188eeadedea3437ff69819a5a15b35d977ff0e351e0a08141a11a620102b2097e0e7e38125e4632f3c2a6ea6795b
SSDEEP: 768:mNYYFFYYNU0AuAAJfffFd9sdfDf7cFFXx2Z2KJOyyyiMZ5u9XX0223f:mNYYFFYYbAuAAzd9sdfDfA80KJFY9XXk
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener (1 IoCs)
pid | Process
4488 | EXCEL.EXE

Suspicious use of SetWindowsHookEx (14 IoCs)
pid | Process
4488 | EXCEL.EXE (same entry listed 14 times)
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE (PID: 4488)
Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Siparis_17.xls"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx