Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

696bbe3653...88.xls

windows7-x64

3

696bbe3653...88.xls

windows10-2004-x64

1

Analysis

  • max time kernel
    15s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    08/10/2024, 22:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    696bbe3653d19b6f850bcf0dd8cc2aca5804456df58da5d03aef6b940f90f788.xls

  • Size

    153KB

  • MD5

    4f2ff2e071ef56762a31c2cb3de10e77

  • SHA1

    61faf2f4879ca071f96e85f5e42fde820709d1e9

  • SHA256

    696bbe3653d19b6f850bcf0dd8cc2aca5804456df58da5d03aef6b940f90f788

  • SHA512

    47baba83eb0b3653096d8d550620a9799f1bd3d0862ed85e593439bfb77462012e949dc4c0606f01f9c1f1bd5a52ffeda517f8e9a3eb1d88ff874e7d65330248

  • SSDEEP

    3072:3g8rmjPOtyoVjDGL61EfDlaGGx+cLYIEc/Y1x7E+yqW1xH1xI491x:Q8rmjPOtyoVjDGL61EfDlavx+WYIEc/n

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Office loads VBA resources, possible macro or embedded object present
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\696bbe3653d19b6f850bcf0dd8cc2aca5804456df58da5d03aef6b940f90f788.xls
    1⤵
    • System Location Discovery: System Language Discovery
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2752

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2372-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2372-1-0x00000000723BD000-0x00000000723C8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2372-6-0x00000000062C0000-0x00000000063C0000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2372-11-0x00000000723BD000-0x00000000723C8000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2372-12-0x00000000062C0000-0x00000000063C0000-memory.dmp

      Filesize

      1024KB

      Download