Analysis
- max time kernel: 42s
- max time network: 52s
- platform: windows7_x64
- resource: win7-20240708-en
- resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
- submitted: 04/10/2024, 22:09
Static task: static1
Behavioral task: behavioral1
- Sample: 86f944531d069f9e05bb4e511da597dc75c3792b2a6f5be0e76f5edba767b30a.docx
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: 86f944531d069f9e05bb4e511da597dc75c3792b2a6f5be0e76f5edba767b30a.docx
- Resource: win10v2004-20240802-en
General
- Target: 86f944531d069f9e05bb4e511da597dc75c3792b2a6f5be0e76f5edba767b30a.docx
- Size: 10KB
- MD5: c06920fb3837530519e3e5a23ebb25b8
- SHA1: e53bd31d1c720eb552d1c2282ea17407654372a3
- SHA256: 86f944531d069f9e05bb4e511da597dc75c3792b2a6f5be0e76f5edba767b30a
- SHA512: b63e11db0adb88b792c7b88172cc94de126b25721138ec26d4b0f5cd834e8fa0d64f4b5043e5890f88954ebbdf6c21692d3ad9b3cff840e47cad6e8bda96a584
- SSDEEP: 192:OEhM6yD7Z/c+8poF1d3jvvtlN9264wpCGhe3b8UfrGxjPCUUuf5U:OqJGcfa7pr1lN92hwkGA3b9fyxjPCzuq
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: WINWORD.EXE
- NTFS ADS (1 IoCs)
  description: File opened for modification
  ioc: C:\Users\Admin\AppData\Local\Temp\http:\172.31.102.226:8000\index.html!
  Process: WINWORD.EXE
- Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  pid: 2080
  Process: WINWORD.EXE
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid: 2080, Process: WINWORD.EXE
  pid: 2080, Process: WINWORD.EXE
Processes
- C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
  "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\86f944531d069f9e05bb4e511da597dc75c3792b2a6f5be0e76f5edba767b30a.docx"
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID: 2080
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD
  Filesize: 128KB
- C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{CA7F3305-D7EE-4A01-9679-6F8416B76B2A}.FSD
  Filesize: 128KB
- Filesize: 128KB