Analysis
- max time kernel: 148s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/10/2024, 01:43
Static task: static1
Behavioral task: behavioral1
- Sample: fce8892fdbfb512b7bfb936d4eef5891b682f6d00419183b5e0fb7ea6acd680d.xlsx
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: fce8892fdbfb512b7bfb936d4eef5891b682f6d00419183b5e0fb7ea6acd680d.xlsx
- Resource: win10v2004-20240802-en
General
- Target: fce8892fdbfb512b7bfb936d4eef5891b682f6d00419183b5e0fb7ea6acd680d.xlsx
- Size: 31KB
- MD5: 503815dc63abe261247f600c61bfb909
- SHA1: c8d05b44edd40b6be74dad475177cc991c716f60
- SHA256: fce8892fdbfb512b7bfb936d4eef5891b682f6d00419183b5e0fb7ea6acd680d
- SHA512: a3ac5325604a8f881db977e96bd9baf59b52c73ac2cdbea1bc2140a452f4552d4e5eca9e55b2c74a7c5db4fc8be0a8dc542c6b01327345b47a63e12d8a0ae574
- SSDEEP: 768:PSrWXBPFCio+RHwB8RGf1/yCFqgTNWVFrqERs1kpzZsFByx:PI+9CioVgGf1/jqkW3hth6FB6
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
- Suspicious behavior: AddClipboardFormatListener (1 IoC)
  pid | Process
  3152 | EXCEL.EXE
- Suspicious use of SetWindowsHookEx (13 IoCs)
  pid | Process
  3152 | EXCEL.EXE (13 occurrences, all from the same process)
Processes
- C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\fce8892fdbfb512b7bfb936d4eef5891b682f6d00419183b5e0fb7ea6acd680d.xlsx"
  PID: 3152
  Signatures:
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\Temp\~$fce8892fdbfb512b7bfb936d4eef5891b682f6d00419183b5e0fb7ea6acd680d.xlsx
  Filesize: 165B
  MD5: ff09371174f7c701e75f357a187c06e8
  SHA1: 57f9a638fd652922d7eb23236c80055a91724503
  SHA256: e4ba04959837c27019a2349015543802439e152ddc4baf4e8c7b9d2b483362a8
  SHA512: e4d01e5908e9f80b7732473ec6807bb7faa5425e3154d5642350f44d7220af3cffd277e0b67bcf03f1433ac26a26edb3ddd3707715b61d054b979fbb4b453882
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
  Filesize: 1KB
  MD5: b13f30229ffa539716c8b425110ae291
  SHA1: 4a4a34ceb4dd201d76e33682d60c723906109724
  SHA256: d0bc21cfaac5121c1c6fc08cc84312f3ffa3e13b13419d1c86a6eebcb98e9ab5
  SHA512: 9c98ad434231973d7ba115054e34c72b1e58411ebad4557d80e177b02a5cbfb3eef11e92d8f41a6a646d17048a0b1ef51ab311fd2969568e15d5800a60e66964