General

  • Target

    NEW PO LIST 02009 GREEN VALLEY.xlam

  • Size

    672KB

  • Sample

    230825-wl1r9seb34

  • MD5

    33e8fb7aa9f005ccb2e9fb681f087366

  • SHA1

    b45c204899eb12874dca86cc7b4e12af7dbe5dba

  • SHA256

    d300bd3ed7461b1c05c983a03ab34d07e23f8233bebab33c52631303de624c1a

  • SHA512

    18750e93e945e3f850d314ab5c3f6eebeccf3c552b6da0fb5b195f17e6cdef96521535475c8a912ab8da570fc78228b7601dbe99ff4cff9853bb2f51a03e9d1e

  • SSDEEP

    12288:d0dNkjFUgZAurY/a93VUmy8GQxMi4T+0J852WWqoq7lHoyPm3MywDcTYIj1CsB:2Eb0mycMiY+yI2WWylHo0mhYW19B

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source: ps1.dropper

    URLs: https://uploaddeimagens.com.br/images/004/559/510/original/rump_private.jpg?1690504129

  • Source: exe.dropper

    URLs: https://uploaddeimagens.com.br/images/004/559/510/original/rump_private.jpg?1690504129

Targets

    • Target

      NEW PO LIST 02009 GREEN VALLEY.xlam

    • Size

      672KB

    • MD5

      33e8fb7aa9f005ccb2e9fb681f087366

    • SHA1

      b45c204899eb12874dca86cc7b4e12af7dbe5dba

    • SHA256

      d300bd3ed7461b1c05c983a03ab34d07e23f8233bebab33c52631303de624c1a

    • SHA512

      18750e93e945e3f850d314ab5c3f6eebeccf3c552b6da0fb5b195f17e6cdef96521535475c8a912ab8da570fc78228b7601dbe99ff4cff9853bb2f51a03e9d1e

    • SSDEEP

      12288:d0dNkjFUgZAurY/a93VUmy8GQxMi4T+0J852WWqoq7lHoyPm3MywDcTYIj1CsB:2Eb0mycMiY+yI2WWylHo0mhYW19B

    Score
    10/10
    • Blocklisted process makes network request

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks