General

  • Target

    4ba386fc55054b552861920518ad12c69e8d9879a3e8b2e7ec433f06f7c28d1d

  • Size

    135KB

  • Sample

    220701-fcxfgscedn

  • MD5

    44ebfece9484e234989f95405f6f8ac1

  • SHA1

    2eb0f280fa16a533279cbc786f8d351225f3b28d

  • SHA256

    4ba386fc55054b552861920518ad12c69e8d9879a3e8b2e7ec433f06f7c28d1d

  • SHA512

    008c1c8fbd0b02fdc3e982986456dad653ba19104fd2034b216ea779983ee09c4df46beb9a29e6d2b3248571db150d517acd0d3f48ecdc88123ce79e3bf56e70

Score
10/10

Malware Config

Extracted

Language: ps1
Deobfuscated
URLs
exe.dropper

http://creaception.com/wp-content/xiGNlqqqTY/

exe.dropper

http://credigas.com.br/banner/gy7r_septedp8a2-535832/

exe.dropper

http://downinthecountry.com/logsite/uBkMGLPsSs/

exe.dropper

https://ingelse.net/awstats/yBDJPpkqn/

exe.dropper

http://kelp4less.com/wp-includes/r3txlpz_ncoq6p-28/

Targets

    • Target

      4ba386fc55054b552861920518ad12c69e8d9879a3e8b2e7ec433f06f7c28d1d

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in System32 directory
