
Resubmissions

  • 18/09/2023, 19:48 - 230918-yjcc1aef87 (score 10)
  • 18/09/2023, 19:44 - 230918-yfxvjaef77 (score 1)

General

  • Target: 38a5d5432a654e4196c8c8bb73cfa5f85f9dd57c86a9229472787ee3165e75f7
  • Size: 134KB
  • Sample: 230918-yjcc1aef87
  • MD5: f62c20fa55c5cd1113e6388ddd6982c0
  • SHA1: 7d3ecaaf149d049056bb1baef3e10649940097bc
  • SHA256: 38a5d5432a654e4196c8c8bb73cfa5f85f9dd57c86a9229472787ee3165e75f7
  • SHA512: 986a1cee21e348fc1323373717968eac2f44201dea9cb87be22a285f1a3a3f4418e130f34de6d3e83761375085388ac8d7ae1ef59aecbff9962e3f42385f5053
  • SSDEEP: 3072:oClOWUjWjf446h9jk5vw7SAEt4Ldq3xktQ73:oClOWUjWjf446h9jk5vw7SAEt4Ldq3xh

Score
10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs (exe.dropper):
    https://raw.githubusercontent.com/Build87471/ljs0l440ku9r/gh-pages/1pkcwcebyi4.ttf

The PowerShell dropper pulls its next stage from a raw.githubusercontent.com path on a gh-pages branch. The URL ends in .ttf, but the extractor classifies the payload as exe.dropper: the font extension is cosmetic and should not be relied on when filtering or blocking.

Targets

  • Target: 38a5d5432a654e4196c8c8bb73cfa5f85f9dd57c86a9229472787ee3165e75f7 (134KB; hashes as listed under General)

    Score 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2
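
The three signatures above are behavioural, so they can be reproduced over endpoint telemetry outside the sandbox. The block below is an added example, not Triage's signature code and not data from this analysis: it runs the three rules over constructed process-create and network-connect events. Only the dropper URL is taken from the report's extracted config; the parent/child process baselines, the blocklisted-process set, the hosting-domain list and the sample events (including the Word parent) are assumptions made for the example.

```python
"""Run the three behaviours the report flags over constructed endpoint telemetry.

Added example, not Triage's detection code and not data from this analysis:
the events below are constructed to exercise the rules; only the dropper URL
is taken from the report's extracted config.
"""
from __future__ import annotations

import posixpath
from dataclasses import dataclass
from urllib.parse import urlparse

# Dropper URL from the report's extracted malware config.
REPORT_URL = "https://raw.githubusercontent.com/Build87471/ljs0l440ku9r/gh-pages/1pkcwcebyi4.ttf"

# Baselines below are assumptions for the example, not lists from the report.
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
SCRIPT_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
BLOCKLISTED_NET = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe", "certutil.exe"}
LEGIT_HOSTING = {"raw.githubusercontent.com", "github.com", "objects.githubusercontent.com",
                 "pastebin.com", "cdn.discordapp.com", "dl.dropboxusercontent.com"}
NON_EXECUTABLE_EXT = {".ttf", ".woff", ".png", ".jpg", ".gif", ".txt", ".json", ".css"}


@dataclass(frozen=True)
class ProcessCreate:
    pid: int
    image: str
    parent_image: str


@dataclass(frozen=True)
class NetworkConnect:
    pid: int
    image: str
    url: str


def _basename(path: str) -> str:
    """Last path component, lower-cased; accepts both slash styles."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decoy_extension(url: str) -> str | None:
    """Return the URL's extension when it is one a payload would not normally need
    (a .ttf that is really an exe.dropper stage, as in this report), else None."""
    ext = posixpath.splitext(urlparse(url).path)[1].lower()
    return ext if ext in NON_EXECUTABLE_EXT else None


def evaluate(events) -> list[tuple[str, str]]:
    """Return (signature name, evidence) pairs, one per rule hit, in event order."""
    findings: list[tuple[str, str]] = []
    for ev in events:
        if isinstance(ev, ProcessCreate):
            parent, child = _basename(ev.parent_image), _basename(ev.image)
            if parent in DOCUMENT_PARENTS and child in SCRIPT_CHILDREN:
                findings.append(("Process spawned unexpected child process",
                                 f"{parent} -> {child} (pid {ev.pid})"))
        elif isinstance(ev, NetworkConnect):
            image = _basename(ev.image)
            host = (urlparse(ev.url).hostname or "").lower()
            if image in BLOCKLISTED_NET:
                findings.append(("Blocklisted process makes network request",
                                 f"{image} (pid {ev.pid}) -> {host}"))
            if host in LEGIT_HOSTING:
                ext = decoy_extension(ev.url)
                extra = f", decoy extension {ext}" if ext else ""
                findings.append(("Legitimate hosting services abused for malware hosting/C2",
                                 f"{host} via {image} (pid {ev.pid}){extra}"))
    return findings


# Constructed telemetry: a Word-spawned PowerShell fetching the report's URL,
# plus two benign events that must not fire.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    ProcessCreate(4321, PS, r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    NetworkConnect(4321, PS, REPORT_URL),
    ProcessCreate(100, r"C:\Windows\explorer.exe", r"C:\Windows\System32\userinit.exe"),
    NetworkConnect(200, r"C:\Program Files\Mozilla Firefox\firefox.exe", "https://www.microsoft.com/"),
]

if __name__ == "__main__":
    for name, evidence in evaluate(SAMPLE_EVENTS):
        print(f"{name}: {evidence}")
```

The hosting-service rule fires on the destination alone and will also match a browser fetching a legitimate GitHub file, so on its own it is low-fidelity; the report's score comes from the combination with the blocklisted-process and unexpected-child rules, and the same correlation (same pid across the process-create and network-connect events) is what an alert should require.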

MITRE ATT&CK Enterprise v15

Tasks