General

  • Target

    SecuriteInfo.com.Exploit.CVE-2018-0798.4.7696.22882.rtf

  • Size

    6KB

  • Sample

    230107-c1apvace77

  • MD5

    5036c5caf4d3839c4768b846b2026b49

  • SHA1

    05971e6e13b6a5e88ec50ae43fe89874516e88e6

  • SHA256

    189f0ab021c39b7e837691b536c320ff30d20de3c27c938176ce3f0cc317987a

  • SHA512

    4533f52b813929a5f6b344cf823619ba5b976f2b644071b7ab0c32bb4746cb3bab6eac0bf75e2a6103cbd8a14752d21d40abc7cb1ab5e01fd3025575c84c8a1f

  • SSDEEP

    96:3UfUBpr9AuwfChEJcKrKJr4S545im7e/EhZiC+6ZVX8tXaH8r1i6DdEAFWU+LPoX:37pEJcl15X0e/MiqwashDdEAmLPm

Score
10/10

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs (ps1.dropper)

    http://172.174.176.153/dll/NoStartUp.ppam

Targets

    • Target

      SecuriteInfo.com.Exploit.CVE-2018-0798.4.7696.22882.rtf

    Score
    10/10
    • Blocklisted process makes network request

    • Drops file in System32 directory
