Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

8

bb1f500a59...f5.xls

windows7-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bb1f500a59544aa8e44a0377cc506dfbebca1ecb7a8c73dc72d3268803976ff5.xlsm

  • Size

    63KB

  • Sample

    220920-qp1c1sgfdm

  • MD5

    6c23aab5ed898b3b5629c8c6a91c96c3

  • SHA1

    603910f1c1df4c58bf59eec256d6957f0e0a9184

  • SHA256

    bb1f500a59544aa8e44a0377cc506dfbebca1ecb7a8c73dc72d3268803976ff5

  • SHA512

    915dd59482ff0ac1ed30f16928fe86f947d602530cb7ac3a1ac4e2b717b96f28648b8868a8ecaede5cbc1166d6a050adc9f1f5ff10680cb15a3d6b4450672685

  • SSDEEP

    1536:d0Nk3hbdlylKsgqopeJBWhZFGkE+cL2NdAKzMk9B+ooszMk9A+oos:dak3hbdlylKsgqopeJBWhZFGkE+cL2NP

Score
10/10
macroxlm

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://87.251.86.178/pp/oo.html

Targets

    • Target

      bb1f500a59544aa8e44a0377cc506dfbebca1ecb7a8c73dc72d3268803976ff5.xlsm

    • Size

      63KB

    • MD5

      6c23aab5ed898b3b5629c8c6a91c96c3

    • SHA1

      603910f1c1df4c58bf59eec256d6957f0e0a9184

    • SHA256

      bb1f500a59544aa8e44a0377cc506dfbebca1ecb7a8c73dc72d3268803976ff5

    • SHA512

      915dd59482ff0ac1ed30f16928fe86f947d602530cb7ac3a1ac4e2b717b96f28648b8868a8ecaede5cbc1166d6a050adc9f1f5ff10680cb15a3d6b4450672685

    • SSDEEP

      1536:d0Nk3hbdlylKsgqopeJBWhZFGkE+cL2NdAKzMk9B+ooszMk9A+oos:dak3hbdlylKsgqopeJBWhZFGkE+cL2NP

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks