General

  • Target

    NEW ORDER_Letter.docx.doc

  • Size

    11KB

  • Sample

    230802-j3valaef8v

  • MD5

    4eae6776404bb5c2d7c674f8416d64d0

  • SHA1

    7b6cfd8ee65beb455e48b1163e8b2f96754fbb92

  • SHA256

    089462a333a00823a7b2b3f06a622107ff50187c1e7c16fa53a0e67202373bdf

  • SHA512

    c9391023ec8836a0f2944f120e2a2ea0547d4eb3b52a8cf7aa28dc21927ff3e1af6d7c63d2f07f522519399e5a676614113c7c2e65437eb1e78e6098cb9d6cc9

  • SSDEEP

    192:rya0NzkeOW/4N5eNA2A+EnVs+mg1SoBBJYNO36PvQKx48Y9WcWe8ruP:ryXzkeOW/u5+A2bkBdBBJYNOqPx4Z9W4

Score
8/10

Malware Config

Targets

    • Target

      NEW ORDER_Letter.docx.doc

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks