Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

55225 NEL1334605.xlsm

windows7_x64

1

55225 NEL1334605.xlsm

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    55225 NEL1334605.xlsm

  • Size

    39KB

  • Sample

    200714-nkbw65t992

  • MD5

    235326560f595b807aa52df22e8d5e69

  • SHA1

    c0266c830b5287c1a0fc2c00c696040b10092ca4

  • SHA256

    e8d122c430ae8e186fe266a63511405aa82465e5aaf92d8fb1934533b2eb0dc4

  • SHA512

    6502bdcce9d3d615b0f87d678b86b986dc493139d20fe8d830c8bc0aecb90ccf3458582fc9ca96af17a27c09e471db325a910dad90dfd6f9448785b7b13cb085

Score
10/10

Malware Config

Targets

    • Target

      55225 NEL1334605.xlsm

    • Size

      39KB

    • MD5

      235326560f595b807aa52df22e8d5e69

    • SHA1

      c0266c830b5287c1a0fc2c00c696040b10092ca4

    • SHA256

      e8d122c430ae8e186fe266a63511405aa82465e5aaf92d8fb1934533b2eb0dc4

    • SHA512

      6502bdcce9d3d615b0f87d678b86b986dc493139d20fe8d830c8bc0aecb90ccf3458582fc9ca96af17a27c09e471db325a910dad90dfd6f9448785b7b13cb085

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks