Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
10ec4f09f82d...d3.exe
windows10-2004-x64
10efd97b1038...ea4.js
windows10-2004-x64
3emotet_exe...04.exe
windows10-2004-x64
10emotet_exe...23.exe
windows10-2004-x64
10eupdate.exe
windows10-2004-x64
7f4f47c67be...3f.exe
windows10-2004-x64
10fb5d110ced...9c.exe
windows10-2004-x64
6fee15285c3...35.exe
windows10-2004-x64
10file(1).exe
windows10-2004-x64
1file.exe
windows10-2004-x64
7gjMEi6eG.exe
windows10-2004-x64
10good.exe
windows10-2004-x64
10hyundai st...1).exe
windows10-2004-x64
10hyundai st...10.exe
windows10-2004-x64
10infected d...er.exe
windows10-2004-x64
10inps_979.xls
windows10-2004-x64
1jar.jar
windows10-2004-x64
10june9.dll
windows10-2004-x64
10mouse_2.exe
windows10-2004-x64
10oof.exe
windows10-2004-x64
3openme.exe
windows10-2004-x64
10ou55sg33s_1.exe
windows10-2004-x64
10senate.dll
windows10-2004-x64
10starticon3.exe
windows10-2004-x64
10str.dll
windows10-2004-x64
10svchost.exe
windows10-2004-x64
10update.exe
windows10-2004-x64
10vir1.xlsx
windows10-2004-x64
1wwf[1].exe
windows10-2004-x64
10xNet.dll
windows10-2004-x64
1전산 및...��.exe
windows10-2004-x64
10전산 및...�1.exe
windows10-2004-x64
10Analysis
-
max time kernel
133s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
04/12/2024, 19:31
Static task
static1
Behavioral task
behavioral1
Sample
ec4f09f82d932cdd40700a74a8875b73a783cbaab1f313286adf615a5336d7d3.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral2
Sample
efd97b1038e063779fb32a3ab35adc481679a5c6c8e3f4f69c44987ff08b6ea4.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
emotet_exe_e1_ef536781ae8be4b67a7fb8aa562d84994ad250d97d5606115b6f4e6e2992363f_2020-11-17__174504.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral4
Sample
emotet_exe_e3_93074e9fbde60e4182f5d763bac7762f2d4e2fcf9baf457b6f12e7696b3562c1_2020-11-17__182823.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
eupdate.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral6
Sample
f4f47c67be61d386e7d757ff89825fa630dd5cc4ed600b5471f9cc18c21e983f.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
fb5d110ced698b06c6cb8c7112792a2d37c579dcd9bde808310cb8dc88e16d9c.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral8
Sample
fee15285c36fa7e28e28c7bb9b4cd3940ef12b9907de59d11ab6e2376416d35.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
file(1).exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral10
Sample
file.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
gjMEi6eG.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral12
Sample
good.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
hyundai steel-pipe- job 8010(1).exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral14
Sample
hyundai steel-pipe- job 8010.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
infected dot net installer.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral16
Sample
inps_979.xls
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
jar.jar
Resource
win10v2004-20241007-en
Behavioral task
behavioral18
Sample
june9.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
mouse_2.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral20
Sample
oof.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
openme.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral22
Sample
ou55sg33s_1.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
senate.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral24
Sample
starticon3.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
str.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral26
Sample
svchost.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
update.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral28
Sample
vir1.xlsx
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
wwf[1].exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral30
Sample
xNet.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
전산 및 비전산자료 보존 요청서(20200525)_꼭 확인하시고 자료보존해주세요.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral32
Sample
전산 및 비전산자료 보존 요청서(20200525)_꼭 확인하시고 자료보존해주세요1.exe
Resource
win10v2004-20241007-en
General
-
Target
inps_979.xls
-
Size
228KB
-
MD5
56fc044937a072471fdd8d63b874e04a
-
SHA1
738552f8db33ac0271aa860775815f3d1b291980
-
SHA256
59afe59cdbebf60434bd78270826ca9689c3765264dfcace312b89c606c0a962
-
SHA512
dbaf2e36ec17d474c829d847705de796bea153b784c8e894d4ff7bebb3bfcdf01447d97f217d9303e0eed5aa9b39046b75b2581331be28771582af2ea48c960b
-
SSDEEP
3072:bfMhNhd8o7Vym+BoOvuuUVZV/AHyhb3/7428JMPvjLJKHpEYC5ZNWehxleT0t:bfMhL70DBoOmf1FbAJMWEYC5Z3leA
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 EXCEL.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU EXCEL.EXE -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 4904 EXCEL.EXE -
Suspicious use of SetWindowsHookEx 8 IoCs
pid Process 4904 EXCEL.EXE 4904 EXCEL.EXE 4904 EXCEL.EXE 4904 EXCEL.EXE 4904 EXCEL.EXE 4904 EXCEL.EXE 4904 EXCEL.EXE 4904 EXCEL.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\inps_979.xls"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4904