
General

  • Target

    44bcf11f0ea0f7abb29cf5ab332319f1ee001f3b15972d7ec13bc255ad011098.xls

  • Size

    217KB

  • Sample

    221103-ryy2zsdfer

  • MD5

    1004b0863be0a3b8cd170364665d7a93

  • SHA1

    988d78c42274621be353cafc5a1c45dadf4e9ebf

  • SHA256

    44bcf11f0ea0f7abb29cf5ab332319f1ee001f3b15972d7ec13bc255ad011098

  • SHA512

    0bcd21a0e4664dbc89400000d717ae4f1464822ad991ab6eaf852a6b46ba51a57f694af7f111bc95b9543c540e3e72f42b8612a29f98fa6d5d82814ee0ddee01

  • SSDEEP

    6144:OKpb8rGYrMPe3q7Q0XV5xtuEsi8/dg8yY+TAQXTHGUMEyP5p6f5jQmN:nbGUMVWlbN

Malware Config

Extracted

Language: xlm4.0

Source          URL
xlm40.dropper   http://kabaruntukrakyat.com/wp-content/B9oJ0jh/
xlm40.dropper   http://coinkub.com/wp-content/WwrJvjumS/
xlm40.dropper   https://aberractivity.hu/iqq/Dmtv/
xlm40.dropper   https://anamafegarcia.es/css/HfFXMTXvc40t/
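The four xlm40.dropper URLs above are the most directly actionable indicators in this report. The following is an added example, not part of the Triage report or its tooling: it matches those URLs against web-proxy log lines so a hunt can find hosts on which the Excel 4.0 macro actually fired. The URLs are taken from the report; the log lines and their layout are constructed for illustration.

```python
# Added example, not part of the Triage report: match the xlm40.dropper URLs
# extracted above against web-proxy log lines. The four URLs are taken from the
# report; the proxy log below is constructed for illustration.
from urllib.parse import urlsplit

DROPPER_URLS = [
    "http://kabaruntukrakyat.com/wp-content/B9oJ0jh/",
    "http://coinkub.com/wp-content/WwrJvjumS/",
    "https://aberractivity.hu/iqq/Dmtv/",
    "https://anamafegarcia.es/css/HfFXMTXvc40t/",
]


def normalize(url, directory=False):
    """Split a URL into (host, path). Host is lowercased and the scheme and port
    are dropped, so http/https or explicit-port variants still match. A
    directory indicator gets a trailing slash so prefix matching is exact."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    if directory and not path.endswith("/"):
        path += "/"
    return host, path


INDICATORS = {normalize(u, directory=True): u for u in DROPPER_URLS}


def match_request(url):
    """Return the report URL that covers the request, or None. A request matches
    if it hits the dropper directory itself or any path beneath it; query
    strings are ignored because they are not part of the path."""
    host, path = normalize(url)
    for (ioc_host, ioc_path), original in INDICATORS.items():
        if host == ioc_host and path.startswith(ioc_path):
            return original
    return None


# Constructed log lines in a simple "epoch client method url status" layout.
CONSTRUCTED_PROXY_LOG = """\
1667486401.123 10.0.0.15 GET http://kabaruntukrakyat.com/wp-content/B9oJ0jh/ 200
1667486403.456 10.0.0.15 GET http://www.example.org/index.html 200
1667486405.789 10.0.0.22 GET https://anamafegarcia.es/css/HfFXMTXvc40t/ 404
1667486407.000 10.0.0.31 GET http://coinkub.com/ 200
1667486409.321 10.0.0.31 GET http://COINKUB.COM:80/wp-content/WwrJvjumS/?x=1 200
"""


def scan_proxy_log(text):
    """Return one hit per log line whose URL matches a dropper URL, even when the
    server answered with an error: the request alone shows the macro ran."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        ts, client, method, url, status = fields[:5]
        ioc = match_request(url)
        if ioc is not None:
            hits.append({"time": ts, "client": client, "url": url,
                         "status": status, "indicator": ioc})
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(CONSTRUCTED_PROXY_LOG):
        print(f'{hit["time"]} {hit["client"]} -> {hit["indicator"]} (HTTP {hit["status"]})')
```

Matching on host plus path prefix rather than the exact string is deliberate: the dropper URL is a directory, and the payload is fetched from inside it, so a request for a file beneath that directory is still a hit. A 404 is kept as a hit on purpose; the download server being offline does not mean the client was not infected with the document.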

Targets

    • Target

      44bcf11f0ea0f7abb29cf5ab332319f1ee001f3b15972d7ec13bc255ad011098.xls


    • Emotet

      Emotet is a modular trojan and malware loader, primarily spread through malicious spam email attachments such as this macro-enabled spreadsheet.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Adds Run key to start application
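The behavioural signatures above describe what to look for on an endpoint: Excel starting a child it has no business starting, and a value written under a Run key. The following is an added example, not part of the Triage report or its detection engine: it evaluates both signatures over Sysmon-style process-creation and registry events. The events, the allowlist and the file names are constructed for illustration and are not the sample's recorded activity.

```python
# Added example, not part of the Triage report: evaluate the two behavioural
# signatures listed above, "Process spawned unexpected child process" and
# "Adds Run key to start application", over Sysmon-style events. The events are
# constructed for illustration; they are not the sample's recorded activity.
import ntpath

# Assumption: splwow64.exe (print spooler helper) is the only child Excel is
# expected to start here; extend this allowlist for your own estate.
EXPECTED_EXCEL_CHILDREN = {"splwow64.exe"}

# Binaries commonly used to load or run a dropped payload from an Office macro.
LOADER_BINARIES = {"regsvr32.exe", "rundll32.exe", "mshta.exe", "wscript.exe",
                   "cscript.exe", "powershell.exe", "cmd.exe"}

RUN_KEY_MARKER = "\\currentversion\\run\\"


def image_name(path):
    """Lowercased file name of a Windows image path."""
    return ntpath.basename(path).lower()


def check_process_create(event):
    """Flag any child of EXCEL.EXE that is not on the allowlist; a known loader
    binary is rated high because it is how a dropped DLL normally gets run."""
    parent = image_name(event["ParentImage"])
    child = image_name(event["Image"])
    if parent != "excel.exe" or child in EXPECTED_EXCEL_CHILDREN:
        return None
    severity = "high" if child in LOADER_BINARIES else "medium"
    return {"rule": "unexpected_office_child", "severity": severity,
            "parent": parent, "child": child,
            "cmdline": event.get("CommandLine", "")}


def check_registry_set(event):
    """Flag writes under any CurrentVersion Run key (HKLM or a user hive)."""
    target = event["TargetObject"]
    if RUN_KEY_MARKER not in target.lower():
        return None
    return {"rule": "run_key_persistence", "severity": "medium",
            "process": image_name(event["Image"]), "key": target,
            "value": event.get("Details", "")}


def evaluate(events):
    """Run the matching check for each event and return the hits in order."""
    checks = {"ProcessCreate": check_process_create,
              "RegistryValueSet": check_registry_set}
    hits = []
    for event in events:
        check = checks.get(event["EventType"])
        hit = check(event) if check else None
        if hit:
            hits.append(hit)
    return hits


# Constructed events; "dropped.dll" is a placeholder name, not from the report.
OFFICE = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
USER_RUN = r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run"
CONSTRUCTED_EVENTS = [
    {"EventType": "ProcessCreate", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": OFFICE, "CommandLine": r'"EXCEL.EXE" C:\Users\user\Downloads\invoice.xls'},
    {"EventType": "ProcessCreate", "ParentImage": OFFICE,
     "Image": r"C:\Windows\splwow64.exe", "CommandLine": "splwow64.exe 8192"},
    {"EventType": "ProcessCreate", "ParentImage": OFFICE,
     "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32.exe /s C:\Users\user\AppData\Local\Temp\dropped.dll"},
    {"EventType": "RegistryValueSet", "Image": r"C:\Windows\System32\regsvr32.exe",
     "TargetObject": USER_RUN + r"\dropped",
     "Details": r"C:\Windows\System32\regsvr32.exe /s C:\Users\user\AppData\Local\Temp\dropped.dll"},
    {"EventType": "RegistryValueSet", "Image": OFFICE,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Office\16.0\Excel\Security\VBAWarnings",
     "Details": "DWORD (0x00000002)"},
]


if __name__ == "__main__":
    for hit in evaluate(CONSTRUCTED_EVENTS):
        print(hit)
```

The parent check keys on the image name rather than the full path because Office installs under several roots (Program Files, Program Files (x86), ClickToRun). The Run-key check is deliberately hive-agnostic: the same marker catches HKLM and HKU writes, which matters because a user-level infection can only write to its own hive.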
