General

  • Target

    Invoice_711246_Inc.xlsm

  • Size

    33KB

  • Sample

    200713-9d3ewzcvwx

  • MD5

    5b9436ae9c52fe45b7b6a25f6427e7e6

  • SHA1

    e618db4bcfd5f324bdba3db7652069b51d7683b6

  • SHA256

    75b230a41dcadada3c53b50a675360a71c19d282eb0de3824fa867274d74ba6e

  • SHA512

    b2fa420e10f11fbe67c1f9b7642f7db67a7241c3c055c258152ece1f7f8709195e8e94928b97c357046c2a1054f9500999e5165936217570c40f81d89ef1baa4

Score
10/10

Targets

    • Target

      Invoice_711246_Inc.xlsm

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request

    • Modifies system certificate store

    • Drops file in System32 directory
