189f0ab021c39b7e837691b536c320ff30d20de3c27c938176ce3f0cc317987a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

SecuriteIn...82.rtf

windows7-x64

SecuriteIn...82.rtf

windows10-2004-x64

1

Sharing

General

Target

SecuriteInfo.com.Exploit.CVE-2018-0798.4.7696.22882.rtf
Size

6KB
Sample

230107-c1apvace77
MD5

5036c5caf4d3839c4768b846b2026b49
SHA1

05971e6e13b6a5e88ec50ae43fe89874516e88e6
SHA256

189f0ab021c39b7e837691b536c320ff30d20de3c27c938176ce3f0cc317987a
SHA512

4533f52b813929a5f6b344cf823619ba5b976f2b644071b7ab0c32bb4746cb3bab6eac0bf75e2a6103cbd8a14752d21d40abc7cb1ab5e01fd3025575c84c8a1f
SSDEEP

96:3UfUBpr9AuwfChEJcKrKJr4S545im7e/EhZiC+6ZVX8tXaH8r1i6DdEAFWU+LPoX:37pEJcl15X0e/MiqwashDdEAmLPm

Score

10^/10

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Exploit.CVE-2018-0798.4.7696.22882.rtf

Resource

win7-20221111-en

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Exploit.CVE-2018-0798.4.7696.22882.rtf

Resource

win10v2004-20220901-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://172.174.176.153/dll/NoStartUp.ppam

Targets

- Target
  
  SecuriteInfo.com.Exploit.CVE-2018-0798.4.7696.22882.rtf
- Size
  
  6KB
- MD5
  
  5036c5caf4d3839c4768b846b2026b49
- SHA1
  
  05971e6e13b6a5e88ec50ae43fe89874516e88e6
- SHA256
  
  189f0ab021c39b7e837691b536c320ff30d20de3c27c938176ce3f0cc317987a
- SHA512
  
  4533f52b813929a5f6b344cf823619ba5b976f2b644071b7ab0c32bb4746cb3bab6eac0bf75e2a6103cbd8a14752d21d40abc7cb1ab5e01fd3025575c84c8a1f
- SSDEEP
  
  96:3UfUBpr9AuwfChEJcKrKJr4S545im7e/EhZiC+6ZVX8tXaH8r1i6DdEAFWU+LPoX:37pEJcl15X0e/MiqwashDdEAmLPm
Score

10^/10
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy