General
Target: Order Details89654.doc
Size: 256KB
Sample: 230130-p4mj2aca91
MD5: fddce2b3c97faecb1feb8fea47edf53e
SHA1: c5fdcd9c686970724faee24edab87663a16e92eb
SHA256: 39e6d2cfe42c41a7d571ed30431236b6383b064e1ff0b72757457e9cc4ae46c1
SHA512: d0dec423bd97ba1e435961e9bb3c8382481b7174e0272785e1b2e04e969d8ba6cacd1a93be2a72d57c325ce2b28c19725ebb86c1b1779ea544eb50ec38acbf27
SSDEEP: 1536:iXRiI4pd4t55vRvHv6ImzHNIS5rFwOH3GTlXa3wVbUxZVzFz76mAg5eeVhMDw5ww:i4U5UOzypVzFtr5RDAw5wfY
Static task: static1
Behavioral task: behavioral1 (sample Order Details89654.rtf, resource win7-20220812-en)
Behavioral task: behavioral2 (sample Order Details89654.rtf, resource win10v2004-20221111-en)
Malware Config
Extracted URL: http://rgkkzna.com/okc.exe
Targets
Target: Order Details89654.doc (256KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
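The signatures above are behavioural rules the sandbox matched, not observations about any one process. As an added example (this is not tria.ge's own detection code, and the events are constructed, not telemetry recorded from this sample), the following Python re-derives each of the eight signature names from a stream of Sysmon-style process, network, file, image-load, registry and API events. The Office host list, the allowed-child and blocklisted-process sets, the IP-lookup hostnames, the Outlook profile registry path fragment and every file path are assumptions to be tuned per environment; the process-hollowing API order (CreateProcess, WriteProcessMemory, SetThreadContext, ResumeThread) is the usual reason a SetThreadContext call is flagged, not something the report states about this sample.

```python
"""Re-derive tria.ge-style behavioural signatures from constructed events.

Added example, not part of the report. All events and lists below are
assumptions chosen to resemble the reported behaviour.
"""
from dataclasses import dataclass
from typing import Optional

# Office document hosts whose child processes deserve scrutiny (assumption).
OFFICE_HOSTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Children an Office host may legitimately spawn (assumption; tune per estate).
ALLOWED_OFFICE_CHILDREN = {"splwow64.exe", "werfault.exe"}
# Processes that should not initiate network traffic themselves (assumption).
BLOCKLISTED_NETWORK = {"winword.exe", "excel.exe", "mshta.exe"}
# Public IP-lookup services (assumption; extend with your own list).
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "checkip.dyndns.org"}
# API order that usually means process hollowing against one target process.
HOLLOWING = ["CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread"]
# Registry path fragments under which Outlook stores profiles (assumption).
OUTLOOK_PROFILE_KEYS = (r"\outlook\profiles", r"\windows messaging subsystem\profiles")


@dataclass
class Event:
    kind: str                 # process | network | file | imageload | registry | api
    pid: int                  # acting process
    image: str                # image name of the acting process
    parent_image: str = ""    # process: parent image name
    path: str = ""            # process/file/imageload/registry: full path or key
    head: bytes = b""         # file: first bytes written
    dest_host: str = ""       # network: destination host
    api: str = ""             # api: function name
    target_pid: Optional[int] = None  # api: process the call operates on


def _is_subsequence(needle, hay):
    """True if every element of needle appears in hay, in order (gaps allowed)."""
    it = iter(hay)
    return all(step in it for step in needle)


def analyze(events):
    """Return the sorted set of signature names matched by the event stream."""
    hits = set()
    networked = set()   # pids that have already made a network request
    dropped = set()     # lower-cased paths of PE files written by monitored processes
    api_seq = {}        # (pid, target_pid) -> ordered API calls seen so far
    for e in events:
        image = e.image.lower()
        path = e.path.lower()
        if e.kind == "process":
            if e.parent_image.lower() in OFFICE_HOSTS and image not in ALLOWED_OFFICE_CHILDREN:
                hits.add("Process spawned unexpected child process")
            if path in dropped:
                hits.add("Executes dropped EXE")
        elif e.kind == "network":
            networked.add(e.pid)
            if image in BLOCKLISTED_NETWORK:
                hits.add("Blocklisted process makes network request")
            if e.dest_host.lower() in IP_LOOKUP_HOSTS:
                hits.add("Looks up external IP address via web service")
        elif e.kind == "file" and e.head.startswith(b"MZ"):
            dropped.add(path)                   # any PE written by a monitored process
            if e.pid in networked:              # written after the writer talked to the network
                hits.add("Downloads MZ/PE file")
        elif e.kind == "imageload" and path in dropped:
            hits.add("Loads dropped DLL")
        elif e.kind == "registry" and any(k in path for k in OUTLOOK_PROFILE_KEYS):
            hits.add("Accesses Microsoft Outlook profiles")
        elif e.kind == "api":
            seq = api_seq.setdefault((e.pid, e.target_pid), [])
            seq.append(e.api)
            if _is_subsequence(HOLLOWING, seq):
                hits.add("Suspicious use of SetThreadContext")
    return sorted(hits)


# Constructed event stream (assumed paths; the host name is the one in Malware Config).
DOWNLOADED = r"C:\Users\victim\AppData\Local\Temp\okc.exe"
DROPPED_DLL = r"C:\Users\victim\AppData\Local\Temp\helper.dll"
SAMPLE_EVENTS = [
    Event("process", 100, "winword.exe", parent_image="explorer.exe", path=r"C:\Office\WINWORD.EXE"),
    Event("process", 200, "cmd.exe", parent_image="winword.exe", path=r"C:\Windows\System32\cmd.exe"),
    Event("network", 100, "winword.exe", dest_host="rgkkzna.com"),
    Event("file", 100, "winword.exe", path=DOWNLOADED, head=b"MZ\x90\x00"),
    Event("process", 300, "okc.exe", parent_image="winword.exe", path=DOWNLOADED),
    Event("file", 300, "okc.exe", path=DROPPED_DLL, head=b"MZ\x90\x00"),
    Event("imageload", 300, "okc.exe", path=DROPPED_DLL),
    Event("registry", 300, "okc.exe", path=r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles"),
    Event("network", 300, "okc.exe", dest_host="api.ipify.org"),
    Event("api", 300, "okc.exe", api="CreateProcess", target_pid=400),
    Event("api", 300, "okc.exe", api="WriteProcessMemory", target_pid=400),
    Event("api", 300, "okc.exe", api="SetThreadContext", target_pid=400),
    Event("api", 300, "okc.exe", api="ResumeThread", target_pid=400),
]

if __name__ == "__main__":
    for name in analyze(SAMPLE_EVENTS):
        print(name)
```

Two design points worth noting when adapting this: "Downloads MZ/PE file" is keyed on the writer having made a network request earlier, so a PE written before any connection is recorded as dropped but not as downloaded, and the hollowing rule tracks the API order per (caller, target) pair so that a ResumeThread issued before SetThreadContext does not fire.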