Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

8

Получ...и.xls

windows7_x64

10

Получ...и.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Получаване на транзакции.xls

  • Size

    2.5MB

  • Sample

    200714-mtsvcrh29j

  • MD5

    3270afb6349ded4b3adeb82aab1a2fa6

  • SHA1

    79e753a3c5e9c35241e8a06ffa56fff6189a29cf

  • SHA256

    e4238162da0854cbc8f4ce093d09b7bdde1830be20d5d1dcd32a217c619b8caa

  • SHA512

    a3243369e5d0a3ef6b587b44a83c6e82a81a4722ee841095dfef5bbdb0e7971b2e686bf20c49566a04382ccfacb16241bcbbe4f958da9b58650d030499466405

Score
10/10
macro

Malware Config

Extracted

Language
ps1
Source
URLs
ps1.dropper

http://ahjuric.si/Code.txt

Targets

    • Target

      Получаване на транзакции.xls

    • Size

      2.5MB

    • MD5

      3270afb6349ded4b3adeb82aab1a2fa6

    • SHA1

      79e753a3c5e9c35241e8a06ffa56fff6189a29cf

    • SHA256

      e4238162da0854cbc8f4ce093d09b7bdde1830be20d5d1dcd32a217c619b8caa

    • SHA512

      a3243369e5d0a3ef6b587b44a83c6e82a81a4722ee841095dfef5bbdb0e7971b2e686bf20c49566a04382ccfacb16241bcbbe4f958da9b58650d030499466405

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks