General

  • Target

    rfq_items_order.doc

  • Size

    55KB

  • Sample

    230201-j8z32ace66

  • MD5

    4b7aa837e88cd219bdb017dd927ef978

  • SHA1

    f6bfdf87b9acc4150f2dd875ad7802de36f3b9a4

  • SHA256

    73bc1996842a2b9bc3d02bad78a3a6c7f168df28116bcf49e74d3e1fc022520d

  • SHA512

    34122027d398ad8ed57ec5de21061500e97bfbe7e3f0ba61abc33cb258a4ee49f979d4b60bd435b14fbdd91dc1183f9c70ac096d030e126b7d5f44f7eb87998c

  • SSDEEP

    1536:Nf0Xvx3EMRf0Xvx3EMZqnfPnk+bBTQBGkSi:NsXvKMRsXvKMQnffk+NTIGkSi

Score
8/10

Malware Config

Targets

    • Target

      rfq_items_order.doc

    Score
    8/10
    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check (run only, or differently, depending on the victim's configured country).

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
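
    Two of the behaviours flagged above, "Downloads MZ/PE file" and "Checks computer location settings", are worth turning into checks of your own rather than reading the signature names at face value. The block below is an added example written for this page, not code from tria.ge or from the sample's report. It assumes a constructed sandbox-API-log shape (dicts with api/key/handle/value fields) and that "the country code configured in the registry" means the HKCU\Control Panel\International keys (the Geo\Nation GeoID and the sCountry/LocaleName values); the report itself names neither the log format nor the registry path.

```python
"""Added example: standalone checks for two behaviours from the report.

  * "Downloads MZ/PE file"  -> pe_kind(): is a downloaded blob really a PE image?
  * "Checks computer location settings" -> country_code_reads(): which registry
    reads touch the configured country, tracked through opened key handles.

Assumptions (mine, not the report's): the registry paths below and the shape of
the trace events.  All sample input is constructed for this example.
"""
import struct
from typing import Optional

# Assumed locations of the configured country/region (the report only says
# "country code configured in the registry").
GEO_KEYS = (
    r"hkcu\control panel\international\geo",   # value "Nation" = GeoID of configured country
    r"hkcu\control panel\international",       # values "sCountry", "LocaleName"
)
GEO_VALUES = {"nation", "scountry", "localename"}


def pe_kind(blob: bytes) -> Optional[str]:
    """Classify a blob as 'PE32', 'PE32+' or None.

    A bare 'MZ' prefix is not enough: e_lfanew (DOS header offset 0x3C) must point
    at a 'PE\\0\\0' signature inside the buffer, and the optional-header magic at
    e_lfanew + 24 tells PE32 (0x10B) from PE32+ (0x20B).
    """
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    # Need the 4-byte signature, the 20-byte file header and the 2-byte magic.
    if e_lfanew + 26 > len(blob) or blob[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    (magic,) = struct.unpack_from("<H", blob, e_lfanew + 24)
    return {0x10B: "PE32", 0x20B: "PE32+"}.get(magic)


def build_pe_stub(magic: int, e_lfanew: int = 0x80) -> bytes:
    """Constructed test input: just the header layout pe_kind() inspects, not a loadable binary."""
    image = bytearray(e_lfanew + 26)
    image[:2] = b"MZ"
    struct.pack_into("<I", image, 0x3C, e_lfanew)
    image[e_lfanew:e_lfanew + 4] = b"PE\x00\x00"
    struct.pack_into("<H", image, e_lfanew + 24, magic)
    return bytes(image)


def _norm(path: str) -> str:
    """Lower-case a key path and shorten the hive name so GEO_KEYS can be matched by prefix."""
    p = path.lower()
    for long, short in (("hkey_current_user", "hkcu"), ("hkey_local_machine", "hklm")):
        if p.startswith(long):
            p = short + p[len(long):]
    return p


def country_code_reads(trace):
    """Return (key, value) pairs for registry reads of the configured country.

    RegQueryValueExW only logs a key handle, so handles returned by RegOpenKeyExW
    are remembered (and forgotten on RegCloseKey) to recover the key path.  A read
    is flagged only when both the resolved key and the value name match.
    """
    handles = {}
    hits = []
    for ev in trace:
        api = ev.get("api")
        if api == "RegOpenKeyExW":
            handles[ev["ret"]] = ev["key"]
        elif api == "RegQueryValueExW":
            key = handles.get(ev["handle"], "")
            if _norm(key).startswith(GEO_KEYS) and ev["value"].lower() in GEO_VALUES:
                hits.append((key, ev["value"]))
        elif api == "RegCloseKey":
            handles.pop(ev["handle"], None)
    return hits


SAMPLE_TRACE = [  # constructed for this example, not taken from the report
    {"api": "RegOpenKeyExW", "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo", "ret": "0x1c8"},
    {"api": "RegQueryValueExW", "handle": "0x1c8", "value": "Nation"},
    {"api": "RegCloseKey", "handle": "0x1c8"},
    {"api": "RegOpenKeyExW", "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion", "ret": "0x1d0"},
    {"api": "RegQueryValueExW", "handle": "0x1d0", "value": "ProductName"},
    {"api": "RegOpenKeyExW", "key": r"HKEY_CURRENT_USER\Control Panel\International", "ret": "0x1d8"},
    {"api": "RegQueryValueExW", "handle": "0x1d8", "value": "sCountry"},
    {"api": "RegQueryValueExW", "handle": "0x1d8", "value": "sShortDate"},
]

if __name__ == "__main__":
    print(pe_kind(build_pe_stub(0x10B)))        # PE32
    print(pe_kind(build_pe_stub(0x20B)))        # PE32+
    print(pe_kind(b"MZ" + b"\x00" * 200))       # None: 'MZ' but e_lfanew points at no PE signature
    print(pe_kind(b"\x7fELF" + b"\x00" * 100))  # None: not a DOS header at all
    for key, value in country_code_reads(SAMPLE_TRACE):
        print(f"geofence read: {key}\\{value}")
```

    The handle tracking is the part that matters in practice: a trace that shows only RegQueryValueExW("Nation") against an opaque handle tells you nothing until it is joined back to the RegOpenKeyExW that produced the handle, and a rule that matches on the value name alone will also fire on unrelated keys.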

MITRE ATT&CK Enterprise v6

Tasks