Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

(RFQ) – ...97.rtf

windows7-x64

10

(RFQ) – ...97.rtf

windows10-2004-x64

1

Resubmissions

17/04/2023, 11:12

230417-naxbpsdh25 10

17/04/2023, 11:06

230417-m7mcbsdg96 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    (RFQ) – 14000102697.doc

  • Size

    37KB

  • Sample

    230417-m7mcbsdg96

  • MD5

    17be8aa282a9714f7e11bc6a7b453f81

  • SHA1

    745cc223e837bc41a8bacb09c7d12ce246042fe4

  • SHA256

    ae3bc9f972947dbad44ec70d3d5aa55cce92a10bd87bed17004da72b800a0c67

  • SHA512

    5e671ebf0769f03f7bbec062797a37aed18a3e3a257ce8b4c0aa53f7065011a71eea63d5556a9de99723b8e08cc4571c36b79e71034e3d6d6c43e236a4617a83

  • SSDEEP

    768:wFx0XaIsnPRIa4fwJMAcErwPkegfqqOva9MSYlR74E+60WdFJBHDpZ:wf0Xvx3EMAcEraqOvabYlIcdFJ1tZ

Score
10/10

Malware Config

Targets

    • Target

      (RFQ) – 14000102697.doc

    • Size

      37KB

    • MD5

      17be8aa282a9714f7e11bc6a7b453f81

    • SHA1

      745cc223e837bc41a8bacb09c7d12ce246042fe4

    • SHA256

      ae3bc9f972947dbad44ec70d3d5aa55cce92a10bd87bed17004da72b800a0c67

    • SHA512

      5e671ebf0769f03f7bbec062797a37aed18a3e3a257ce8b4c0aa53f7065011a71eea63d5556a9de99723b8e08cc4571c36b79e71034e3d6d6c43e236a4617a83

    • SSDEEP

      768:wFx0XaIsnPRIa4fwJMAcErwPkegfqqOva9MSYlR74E+60WdFJBHDpZ:wf0Xvx3EMAcEraqOvabYlIcdFJ1tZ

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks