Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    61bf1453572a11da0b81364eaf6b11db46f8a4568c8d939baf5dcd541e6fe18f.xls

  • Size

    217KB

  • Sample

    221103-tly8bseegr

  • MD5

    4de17a7f5f149382f4a7632dfce6e079

  • SHA1

    046191f043e23361217a1805f28144cb91314f25

  • SHA256

    61bf1453572a11da0b81364eaf6b11db46f8a4568c8d939baf5dcd541e6fe18f

  • SHA512

    1dd5d95e23ce1afb29420fe2e3bfdec833d9a0d2a3dde8829f4723e74db0f559d8a838948cf4b3e2dcd3b23700056aaff1b9d9754b40bfa514b52f04e7905d28

  • SSDEEP

    6144:OKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgIyY+TAQXTHGUMEyP5p6f5jQmH:bbGUMVWlbH

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://aprendeconmireia.com/images/wBu/

xlm40.dropper

http://updailymail.com/cgi-bin/gBYmfqRi2utIS2n/

xlm40.dropper

https://akuntansi.itny.ac.id/asset/9aVFvYeaSKOhGBSLx/

xlm40.dropper

http://swiftwebbox.com/cgi-bin/vNqoMtQilpysJYRwtGu/

Targets

    • Target

      61bf1453572a11da0b81364eaf6b11db46f8a4568c8d939baf5dcd541e6fe18f.xls

    • Size

      217KB

    • MD5

      4de17a7f5f149382f4a7632dfce6e079

    • SHA1

      046191f043e23361217a1805f28144cb91314f25

    • SHA256

      61bf1453572a11da0b81364eaf6b11db46f8a4568c8d939baf5dcd541e6fe18f

    • SHA512

      1dd5d95e23ce1afb29420fe2e3bfdec833d9a0d2a3dde8829f4723e74db0f559d8a838948cf4b3e2dcd3b23700056aaff1b9d9754b40bfa514b52f04e7905d28

    • SSDEEP

      6144:OKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgIyY+TAQXTHGUMEyP5p6f5jQmH:bbGUMVWlbH

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks