Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

490f59b681...2.xlsm

windows7-x64

10

490f59b681...2.xlsm

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21/11/2024, 00:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    490f59b6811ec8987f87b244200f6c5b377babdcf597181bbd71fa5d61301152.xlsm

  • Size

    46KB

  • MD5

    49a8bfaf36adce55366c3063f9682182

  • SHA1

    1bd16833b90c27c08d0c2e2bf4584b6cb87a21ab

  • SHA256

    490f59b6811ec8987f87b244200f6c5b377babdcf597181bbd71fa5d61301152

  • SHA512

    b9a361117bf5cb9c06a9b2aa612964b19da05c7d3af6f87e0c51c749a06fa1fafdfeb02dee6e571c79074b76b6eb38a630003d416caa2e5f3c6bea56b9228904

  • SSDEEP

    768:hGovDOevZCwrvtBtfzdDTKufT9nz0LTyY1NiMZFYpvrLeci3cr+Uh0VU2fUPZa:wovDztT5fTR4Lh1NisFYBc3cr+UqVU5c

Score
10/10
discovery

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://touqarrayan.com/wp-content/RoiB/
xlm40.dropper

http://nayzaqaljanoob-iq.com/sapbush/tylhe1/
xlm40.dropper

http://cabinet-bribech.com/wp/DyMNglRY5B4abPy1hH/
xlm40.dropper

http://retailhpsinterview.com/cgi-bin/dJp9RYh/
xlm40.dropper

https://lisalmcgee.com/images/xpl7i1ETzHPwaFd89HS/
xlm40.dropper

https://collision-staging.com/wp-content/94PQ1/

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\490f59b6811ec8987f87b244200f6c5b377babdcf597181bbd71fa5d61301152.xlsm
    1⤵
    • System Location Discovery: System Language Discovery
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1736

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1736-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1736-1-0x00000000720CD000-0x00000000720D8000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1736-4-0x00000000720CD000-0x00000000720D8000-memory.dmp

    Filesize

    44KB

    Download