General

  • Target

    cee799e30364b8b545cdc4af18e18a023c15aeb3567208becc07ec27ec344bc1

  • Size

    36KB

  • Sample

    230129-x2q4faaf86

  • MD5

    732c422d5364fee18e2a6551396c6f8d

  • SHA1

    62b5aa90eea0b68787772768741b96cba9e441c8

  • SHA256

    cee799e30364b8b545cdc4af18e18a023c15aeb3567208becc07ec27ec344bc1

  • SHA512

    ba21bbdf7b018d01230fb74ca42d9453d565069db3509a8bef254007fd8922edc951af0bcc76a42b862bbd3ee9201be0877746f9228ebd7c713c202b225ca889

  • SSDEEP

    768:APqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJFB6p1SzJ4v46yKLPau:Mok3hbdlylKsgqopeJBWhZFGkE+cL2N9

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

  • URLs

    xlm40.dropper: https://statedauto.com/wp-data.php

    xlm40.dropper: https://markens.online/wp-data.php

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
