Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
03/10/2024, 09:30
Static task
static1
Behavioral task
behavioral1
Sample
33083e3d8cad434bfff8cdb97032babe.rtf
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
33083e3d8cad434bfff8cdb97032babe.rtf
Resource
win10v2004-20240802-en
General
-
Target
33083e3d8cad434bfff8cdb97032babe.rtf
-
Size
75KB
-
MD5
33083e3d8cad434bfff8cdb97032babe
-
SHA1
9defb395eda345c770a559ba6c46cba8226c2974
-
SHA256
85ed27cc2b2264295dfc90a985944887053ffe9a79894914ea7f69e6a7de42e2
-
SHA512
3750b71501d7412725484c72203a6440647e479fc43991199a2dfb5a4c0c5223ca9858864504d388fec1bbf94c539a1f2bcd56275698803f81bd4301e32ecf6a
-
SSDEEP
384:+uNWTVICMS5DryYNfvw5vV8Sj7OYqsg4ozn67fT5PfSsMnCbh03MNyC0DAgqh5Ji:XMyGw5vV8fYq3pz6T5SBnC903P0gwtt8
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString WINWORD.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU WINWORD.EXE -
Suspicious behavior: AddClipboardFormatListener 2 IoCs
pid Process 1728 WINWORD.EXE 1728 WINWORD.EXE -
Suspicious use of SetWindowsHookEx 8 IoCs
pid Process 1728 WINWORD.EXE 1728 WINWORD.EXE 1728 WINWORD.EXE 1728 WINWORD.EXE 1728 WINWORD.EXE 1728 WINWORD.EXE 1728 WINWORD.EXE 1728 WINWORD.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\33083e3d8cad434bfff8cdb97032babe.rtf" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1728
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
263KB
MD5ff0e07eff1333cdf9fc2523d323dd654
SHA177a1ae0dd8dbc3fee65dd6266f31e2a564d088a4
SHA2563f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5
SHA512b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
Filesize2KB
MD56e2e012c65c834fca035223f81537025
SHA1ae2d3acc1f012c58d1ac4cfe691bdf8d43c0720e
SHA2569b9fd980b50cae1766569e63adff88c2a1c5d4a07ee4d402ab78b686829261b1
SHA512a16813b3c424f186ddb68f6578cf998b8cdc5b7861ad8beaef2da17f812f4655dc28fcc11476ef528b29c452d6181c778d76b85af5ea9120d083484696932a01