Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

8

baddoc.doc

windows7-x64

10

baddoc.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    baddoc.doc

  • Size

    1.5MB

  • Sample

    220907-ratglaheaq

  • MD5

    0c4540f659d3942a28f158bce7be1143

  • SHA1

    d1cc0f861f162dfbf9df1493fe861d02b80483f6

  • SHA256

    37e259d6564071807b7b4266ed1dd8bf2059f3e7f438b8487dd0149e5e0487ec

  • SHA512

    9b611fe0d00cc08bfa72cb7723af64f29b58e4db68d32ca07effa8e90fb7c8fd46a3a48b8b00d1e1dba09b4514bfb3c447ea59da5b4ac90797728cffa03313b0

  • SSDEEP

    24576:WcuQXAlhOOZQ3XkaL17MlNuoQPc2V5TBDR4AtPe1LFGZ2KaO+79Gh8B:z53ClNADSDB7A8B

Score
10/10
macromacro_on_actionpersistence

Malware Config

Targets

    • Target

      baddoc.doc

    • Size

      1.5MB

    • MD5

      0c4540f659d3942a28f158bce7be1143

    • SHA1

      d1cc0f861f162dfbf9df1493fe861d02b80483f6

    • SHA256

      37e259d6564071807b7b4266ed1dd8bf2059f3e7f438b8487dd0149e5e0487ec

    • SHA512

      9b611fe0d00cc08bfa72cb7723af64f29b58e4db68d32ca07effa8e90fb7c8fd46a3a48b8b00d1e1dba09b4514bfb3c447ea59da5b4ac90797728cffa03313b0

    • SSDEEP

      24576:WcuQXAlhOOZQ3XkaL17MlNuoQPc2V5TBDR4AtPe1LFGZ2KaO+79Gh8B:z53ClNADSDB7A8B

    Score
    10/10
    persistence

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks