General

  • Target

    Information.xlsb

  • Size

    20KB

  • Sample

    201113-72m4k28fbs

  • MD5

    4dddb0320eac6050d6360c92c104d05c

  • SHA1

    816db7af62de3dc200b88357a5341c6ce184cc93

  • SHA256

    ae87b82d817d363b159e072be2e2017dfe0bcf7fd3bc6a7c9dee0ff885eefc5f

  • SHA512

    b177b5faa839aeead6c9c732b0182b928903dd34e02d968b95cd93b2f3f01c3b72043c9dafcb6a96a9d1eeb67e4e12abaf537f7ac32b3d166d7f82914844881d

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Ursnif RM3

      A heavily modified version of Ursnif discovered in the wild.

    • Loads dropped DLL

    • Drops file in System32 directory
