General

  • Target

    07586499.xls

  • Size

    1.7MB

  • Sample

    230614-tj4p2abb45

  • MD5

    f939f0754dbf01ab04a9ad14e219a9b2

  • SHA1

    e3812c98288b7d8fa029aad9ba44df7872a2ca9b

  • SHA256

    c8638e2a29455a9f17ae246aca7156fe7346e95a9abe66fd8832ab3ff6a58746

  • SHA512

    d745b03012a5bd3e49819ff8edd49d8eb073f49a1072568892d23c1f307a2f35f5304c36b54dfdfc1bf05bf24c5a145824de35e2db4ca6046a8024fde4a5319e

  • SSDEEP

    49152:kuQ9zPjPyGiTupw1A+cJbm5Qs633AO05:kN52BTYZ+qbm5QBw

Score
10/10

Targets

    • Target

      07586499.xls

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
