Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

00ab8a1a2b...51.doc

windows7-x64

3

00ab8a1a2b...51.doc

windows10-2004-x64

1

04bbbaf0d0...25.exe

windows7-x64

3

04bbbaf0d0...25.exe

windows10-2004-x64

3

1139a9099f...64.exe

windows7-x64

3

1139a9099f...64.exe

windows10-2004-x64

3

114a8c03ee...39.doc

windows7-x64

4

114a8c03ee...39.doc

windows10-2004-x64

1

19911c6865...fc.exe

windows7-x64

19911c6865...fc.exe

windows10-2004-x64

2299ff9c7e...6.docx

windows7-x64

4

2299ff9c7e...6.docx

windows10-2004-x64

1

2b79b44b0f...07.dll

windows7-x64

5

2b79b44b0f...07.dll

windows10-2004-x64

5

2c6638998f...2a.xls

windows7-x64

3

2c6638998f...2a.xls

windows10-2004-x64

1

35352a7ac7...ce.exe

windows7-x64

35352a7ac7...ce.exe

windows10-2004-x64

3792408618...3f.xls

windows7-x64

3

3792408618...3f.xls

windows10-2004-x64

1

3b0fd96950...ea.dll

windows7-x64

5

3b0fd96950...ea.dll

windows10-2004-x64

5

4078c6d0ff...f7.lnk

windows7-x64

3

4078c6d0ff...f7.lnk

windows10-2004-x64

7

428f4ed31c...99.dll

windows7-x64

1

428f4ed31c...99.dll

windows10-2004-x64

1

4c27f9a78c...04.ps1

windows7-x64

3

4c27f9a78c...04.ps1

windows10-2004-x64

3

4d9f557790...24.exe

windows7-x64

7

4d9f557790...24.exe

windows10-2004-x64

7

4f7848518a...6d.doc

windows7-x64

3

4f7848518a...6d.doc

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21/10/2024, 18:16 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4f7848518acd8847a6fc4f87ca7a20ef502641426ae1bb1353df989a8edc076d.doc

  • Size

    93KB

  • MD5

    185a52380dd4165144fe2dd72558355a

  • SHA1

    7f5af7f302780d7cfb103c2bdaecec68ca5f215a

  • SHA256

    c18b0d8b31d356019772f6881cc209764a5c46e14288d62af862d45609b5de9e

  • SHA512

    4d5cd9addcf298e923bfe1afcf0e4e210879fbfc3964eb206a775ccbc0bfd070e547b3e6051d69d56efacc767db7a6718aff1bb9788bf21c3f974786e50024f9

  • SSDEEP

    768:0MJgKNEGg47XzDCAUdO7nKj3bSP1EZJ0i1y4xYko38Phe2R4DcODyZedB6UBj:mKNEG1W+nJ94J0HrmR4AOm8dpZ

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Office loads VBA resources, possible macro or embedded object present
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\4f7848518acd8847a6fc4f87ca7a20ef502641426ae1bb1353df989a8edc076d.doc"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1576
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2676

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1576-0-0x000000002F7A1000-0x000000002F7A2000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1576-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1576-2-0x000000007100D000-0x0000000071018000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1576-5-0x0000000005C50000-0x0000000005D50000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1576-6-0x000000007100D000-0x0000000071018000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1576-7-0x0000000005C50000-0x0000000005D50000-memory.dmp

      Filesize

      1024KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.