General
Target: Shipping documents.docx
Size: 10KB
Sample: 230306-g63d9sad8t
MD5: 38bde1f71eff4a0b7d396fc4560b921a
SHA1: b7c1e4fdfec691fc11832480cca239d567b5b22c
SHA256: 08d5e1d19cd6c2d1d0cd69b4573702bcbd7ebb97835a9d4769fb4dc12a564be1
SHA512: a484e8020d8fd46575814230ffab6cdbc1f968e35a9b037176f05c7defaede4a4b31eeedcd94418a961dbd8ec99f488fc8f88bad8bc1e911290a55d6eafd5f7b
SSDEEP: 192:ScIMmtP1aIG/bslPL++uOdVDl+CVWBXJC0c3Fe:SPXU/slT+LOdVHkZC94
Static task: static1
Behavioral task: behavioral1
  Sample: Shipping documents.docx
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: Shipping documents.docx
  Resource: win10v2004-20230220-en
Malware Config
Extracted
http://ZZZJOOIOIOSDP99090SDXDdad9SDED99000DF00DF0SDF00DF0XCCXC0V00S0FDS0F0DF00SSZZZZZZZZ0X0C0XCZZXC0X@392117348/nc..........................doc
Targets
Target: Shipping documents.docx
Score: 8/10
Blocklisted process makes network request
Downloads MZ/PE file
Abuses OpenXML format to download file from external location
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Uses the VBS compiler for execution
Suspicious use of SetThreadContext