General
Target: 61bf1453572a11da0b81364eaf6b11db46f8a4568c8d939baf5dcd541e6fe18f.xls
Size: 217KB
Sample: 221103-tly8bseegr
MD5: 4de17a7f5f149382f4a7632dfce6e079
SHA1: 046191f043e23361217a1805f28144cb91314f25
SHA256: 61bf1453572a11da0b81364eaf6b11db46f8a4568c8d939baf5dcd541e6fe18f
SHA512: 1dd5d95e23ce1afb29420fe2e3bfdec833d9a0d2a3dde8829f4723e74db0f559d8a838948cf4b3e2dcd3b23700056aaff1b9d9754b40bfa514b52f04e7905d28
SSDEEP: 6144:OKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgIyY+TAQXTHGUMEyP5p6f5jQmH:bbGUMVWlbH
Behavioral task: behavioral1
Sample: 61bf1453572a11da0b81364eaf6b11db46f8a4568c8d939baf5dcd541e6fe18f.xls
Resource: win10-20220812-en
Behavioral task: behavioral2
Sample: 61bf1453572a11da0b81364eaf6b11db46f8a4568c8d939baf5dcd541e6fe18f.xls
Resource: win10-20220812-en
Malware Config
Extracted
https://aprendeconmireia.com/images/wBu/
http://updailymail.com/cgi-bin/gBYmfqRi2utIS2n/
https://akuntansi.itny.ac.id/asset/9aVFvYeaSKOhGBSLx/
http://swiftwebbox.com/cgi-bin/vNqoMtQilpysJYRwtGu/
Targets
Target: 61bf1453572a11da0b81364eaf6b11db46f8a4568c8d939baf5dcd541e6fe18f.xls
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Downloads MZ/PE file
Loads dropped DLL
Adds Run key to start application