General
-
Target
07586499.xls
-
Size
1.7MB
-
Sample
230614-tj4p2abb45
-
MD5
f939f0754dbf01ab04a9ad14e219a9b2
-
SHA1
e3812c98288b7d8fa029aad9ba44df7872a2ca9b
-
SHA256
c8638e2a29455a9f17ae246aca7156fe7346e95a9abe66fd8832ab3ff6a58746
-
SHA512
d745b03012a5bd3e49819ff8edd49d8eb073f49a1072568892d23c1f307a2f35f5304c36b54dfdfc1bf05bf24c5a145824de35e2db4ca6046a8024fde4a5319e
-
SSDEEP
49152:kuQ9zPjPyGiTupw1A+cJbm5Qs633AO05:kN52BTYZ+qbm5QBw
Static task
static1
Behavioral task
behavioral1
Sample
07586499.xls
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
07586499.xls
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
07586499.xls
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-