Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

MQPurchase...).xlam

windows7-x64

10

MQPurchase...).xlam

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MQPurchase Order (2).xlam.xlsx

  • Size

    696KB

  • Sample

    230825-jvz6waaa27

  • MD5

    a1db675acf65b2c9c73deca075bea9b7

  • SHA1

    bb92ae34c971ed37157824d233ab69ca5eda99e3

  • SHA256

    1b18db45bd47fcb35d17c01d27f86a5f1adca9c54727555e297af3606c56da4d

  • SHA512

    c2dd02d43f13686bb3e8d17387692c99d9b0d78d3cba7d21a0a5cc5077d0e4dd81116ad2f4e20301dc5b0e0c6fdbb545c49f08a39954523a910d996e9bc0bf00

  • SSDEEP

    12288:MZ6lG+uV+WiUU7b+hjVbz1nyD0u1UaQyXA2tKTrGdntt7AXuyIEccU1zN8psZKST:plGzV+WiU1HbtyD0u1UYgr8tt7A+yIEw

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
ps1.dropper

https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
exe.dropper

https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855

Targets

    • Target

      MQPurchase Order (2).xlam.xlsx

    • Size

      696KB

    • MD5

      a1db675acf65b2c9c73deca075bea9b7

    • SHA1

      bb92ae34c971ed37157824d233ab69ca5eda99e3

    • SHA256

      1b18db45bd47fcb35d17c01d27f86a5f1adca9c54727555e297af3606c56da4d

    • SHA512

      c2dd02d43f13686bb3e8d17387692c99d9b0d78d3cba7d21a0a5cc5077d0e4dd81116ad2f4e20301dc5b0e0c6fdbb545c49f08a39954523a910d996e9bc0bf00

    • SSDEEP

      12288:MZ6lG+uV+WiUU7b+hjVbz1nyD0u1UaQyXA2tKTrGdntt7AXuyIEccU1zN8psZKST:plGzV+WiU1HbtyD0u1UYgr8tt7A+yIEw

    Score
    10/10

    • Blocklisted process makes network request

    • Drops startup file

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks