Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
(RFQ) – 14000102697.doc
-
Size
37KB
-
Sample
230417-m7mcbsdg96
-
MD5
17be8aa282a9714f7e11bc6a7b453f81
-
SHA1
745cc223e837bc41a8bacb09c7d12ce246042fe4
-
SHA256
ae3bc9f972947dbad44ec70d3d5aa55cce92a10bd87bed17004da72b800a0c67
-
SHA512
5e671ebf0769f03f7bbec062797a37aed18a3e3a257ce8b4c0aa53f7065011a71eea63d5556a9de99723b8e08cc4571c36b79e71034e3d6d6c43e236a4617a83
-
SSDEEP
768:wFx0XaIsnPRIa4fwJMAcErwPkegfqqOva9MSYlR74E+60WdFJBHDpZ:wf0Xvx3EMAcEraqOvabYlIcdFJ1tZ
Static task
static1
Behavioral task
behavioral1
Sample
(RFQ) – 14000102697.rtf
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
(RFQ) – 14000102697.rtf
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
(RFQ) – 14000102697.doc
-
Size
37KB
-
MD5
17be8aa282a9714f7e11bc6a7b453f81
-
SHA1
745cc223e837bc41a8bacb09c7d12ce246042fe4
-
SHA256
ae3bc9f972947dbad44ec70d3d5aa55cce92a10bd87bed17004da72b800a0c67
-
SHA512
5e671ebf0769f03f7bbec062797a37aed18a3e3a257ce8b4c0aa53f7065011a71eea63d5556a9de99723b8e08cc4571c36b79e71034e3d6d6c43e236a4617a83
-
SSDEEP
768:wFx0XaIsnPRIa4fwJMAcErwPkegfqqOva9MSYlR74E+60WdFJBHDpZ:wf0Xvx3EMAcEraqOvabYlIcdFJ1tZ
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-