General

  • Target

    doc220689990507.xlsm

  • Size

    430KB

  • Sample

    230411-m94z6adg2s

  • MD5

    52bafaa08244532ff13caa997189813c

  • SHA1

    481c5125478d65e516a1af3038a0551116c2c637

  • SHA256

    bfe6807e6c403cb0b54b810f87d17f6453faa508ddf4a9451cd4c1bcdd14550d

  • SHA512

    fee2acdd4c7359679bff9db3932e0be799ebd40d10952913555d4027df9264d5d5dbb0cdba0141754ebe65a99dbcea491bb2a486ff806acf5cf0897060cf45ae

  • SSDEEP

    12288:2PIXQu7SHOCZhSTIS2dGpeWpqivD1YxR25O8UfN:2RwarmMSAGMID1R5OtfN

Score
10/10

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request
