Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    2bfc1dc0b004ce1e483895cdd612a059fc6f1f700b59add2e7166c7b6dfc5081

  • Size

    268KB

  • Sample

    230129-rxea7abb45

  • MD5

    1a00436b23d31af1997c4506a61a1e4c

  • SHA1

    916c044c30c222355192daa2ddab4678c95149a0

  • SHA256

    2bfc1dc0b004ce1e483895cdd612a059fc6f1f700b59add2e7166c7b6dfc5081

  • SHA512

    853c0a26be05b2b1348252ed32f6b75af4bbdfe6adf6d25c6653ae1b0d019602678f1f767a3b78736838583c305496f2c8216ececa188e97339e23b2f5b329b1

  • SSDEEP

    6144:b5To+5aQuqKl6RUyKCVw7PQDvvZCNyAZrqyCEkGb5K9efbT/:q+5ZCtuy7PQFCoWmCJff/

Malware Config

Targets

    • Target

      2bfc1dc0b004ce1e483895cdd612a059fc6f1f700b59add2e7166c7b6dfc5081

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Office macro that triggers on suspicious action

      Office document macro that runs automatically on an event such as document open or close rather than on explicit user invocation; often malicious.

    • Sets file to hidden

      Sets the hidden file attribute so the file is not shown by default in Explorer and other directory listings.

    • Suspicious Office macro

      Office document equipped with Excel 4.0 (XLM) macros, a legacy macro format that predates VBA and is frequently abused because many macro defences inspect VBA only.

    • Adds Run key to start application

      Writes a value under a CurrentVersion\Run registry key so the application is launched at user logon.

    • Drops file in System32 directory

      Writes a file into the Windows System32 directory, where a dropped payload blends in with system binaries.
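The behavioural signatures above (unexpected child of an Office process, Run-key persistence, hidden attribute, System32 drop) can be reproduced as simple detection rules over a process/registry/file event stream. The following is an added example, not code from tria.ge or from this report: the event log is constructed and hypothetical, its field names are an assumption rather than Triage's schema, and the static macro signatures (XLM / auto-trigger macros) are out of scope because they require parsing the document itself.

```python
import ntpath

# Constructed sandbox-style event log (hypothetical; not taken from the report above).
# Field names ("type", "pid", "ppid", "image", "op", ...) are assumed for this example.
EVENTS = [
    {"type": "process", "pid": 100, "ppid": 1,
     "image": r"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE"},
    {"type": "process", "pid": 101, "ppid": 100,
     "image": r"C:\Windows\System32\cmd.exe"},
    {"type": "file", "pid": 101, "op": "Write",
     "path": r"C:\Users\Admin\AppData\Roaming\svc.exe"},
    {"type": "registry", "pid": 101, "op": "SetValue",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater", "data": r"C:\Users\Admin\AppData\Roaming\svc.exe"},
    {"type": "file", "pid": 101, "op": "Write",
     "path": r"C:\Windows\System32\svc.dll"},
    {"type": "file", "pid": 101, "op": "SetAttributes",
     "path": r"C:\Users\Admin\AppData\Roaming\svc.exe", "attributes": ["HIDDEN"]},
    # Benign lineage: explorer.exe -> notepad.exe must not be flagged.
    {"type": "process", "pid": 102, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    {"type": "process", "pid": 103, "ppid": 102,
     "image": r"C:\Windows\System32\notepad.exe"},
]

# Office hosts whose children we scrutinise, and the few children they spawn legitimately.
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
EXPECTED_OFFICE_CHILDREN = {"splwow64.exe", "msosync.exe"}
# Autostart keys; matched on the key suffix so HKCU and HKLM hives both count.
RUN_KEY_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce")
SYSTEM32_PREFIX = "c:\\windows\\system32\\"


def basename(path):
    """Case-folded file name of a Windows path."""
    return ntpath.basename(path).lower()


def detect(events):
    """Return a list of (signature, detail) hits for the given event stream."""
    procs = {}  # pid -> image path, built as process events arrive
    hits = []
    for ev in events:
        if ev["type"] == "process":
            procs[ev["pid"]] = ev["image"]
            parent = procs.get(ev["ppid"])
            if (parent and basename(parent) in OFFICE_IMAGES
                    and basename(ev["image"]) not in EXPECTED_OFFICE_CHILDREN):
                hits.append(("Process spawned unexpected child process",
                             f"{basename(parent)} -> {basename(ev['image'])}"))
        elif ev["type"] == "registry" and ev["op"] == "SetValue":
            if ev["key"].lower().endswith(RUN_KEY_SUFFIXES):
                hits.append(("Adds Run key to start application",
                             f"{ev['key']}\\{ev['value']} = {ev['data']}"))
        elif ev["type"] == "file":
            if ev["op"] == "Write" and ev["path"].lower().startswith(SYSTEM32_PREFIX):
                hits.append(("Drops file in System32 directory", ev["path"]))
            if ev["op"] == "SetAttributes" and "HIDDEN" in ev.get("attributes", []):
                hits.append(("Sets file to hidden", ev["path"]))
    return hits


if __name__ == "__main__":
    for signature, detail in detect(EVENTS):
        print(f"{signature}: {detail}")
```

The parent lookup relies on process events arriving before their children, which is how a sandbox trace is ordered; on real telemetry, also key the lineage on process start time so a recycled PID is not matched to the wrong parent.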

MITRE ATT&CK Enterprise v6

Tasks