Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

8

emotet_v6

windows10_x64

10

emotet_doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    96cbfe690490f4cfdbfdf395626f5f393deb559f0c078aecfa9facc6fdac9d54.xlsm

  • Size

    112KB

  • Sample

    220313-pw5ewahcek

  • MD5

    671bb3efb95886a8e950027099638c70

  • SHA1

    df1a9d1686fba1b6122af41481dc58713398205e

  • SHA256

    96cbfe690490f4cfdbfdf395626f5f393deb559f0c078aecfa9facc6fdac9d54

  • SHA512

    5eafd8e1812f29c11c825f436d981b8c55bf555653e2c750c2a4f0929299fa3c88f89fe22ec7a90c52530abd687f5aaec8152a8afbdea200c674f46e86c18345

Score
10/10
macroxlm

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://92.255.57.195/ru/ru.html

Targets

    • Target

      96cbfe690490f4cfdbfdf395626f5f393deb559f0c078aecfa9facc6fdac9d54.xlsm

    • Size

      112KB

    • MD5

      671bb3efb95886a8e950027099638c70

    • SHA1

      df1a9d1686fba1b6122af41481dc58713398205e

    • SHA256

      96cbfe690490f4cfdbfdf395626f5f393deb559f0c078aecfa9facc6fdac9d54

    • SHA512

      5eafd8e1812f29c11c825f436d981b8c55bf555653e2c750c2a4f0929299fa3c88f89fe22ec7a90c52530abd687f5aaec8152a8afbdea200c674f46e86c18345

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks