General

  • Target

    INVOICE-678738.doc

  • Size

    70KB

  • Sample

    230826-j5kh6sag3v

  • MD5

    a9873a6bbc2bca4b14f3cf211d0fb231

  • SHA1

    9aa9e1a85595fe3733b276196f2052c0bdc0e470

  • SHA256

    056423487d9c1640e5a94f843a5068f537fdaeac6cffd6225eb7d34c0b27434b

  • SHA512

    d482cf0a1e7123ae3c6a1fb43d8509304c65dedf187c55858b28abfe9586964f7363b15e391498346a9bc4979e88ac3bb561119a413174359cf778f382b9fc72

  • SSDEEP

    1536:BwAlRmlZYFfZ8PZOGdOX/XLGfaiVb5xtjvFsu3AZsyatxFO5O5889jnhjE6VLnUu:BwAlUZYFfeBOGOv7Gfailtj9suOsyath

Score
10/10

Malware Config

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks