6eb428de0c5a04bb2c6cb00b171fa424331ba11fc1f9784380f73df5b9d324a5 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

PO-4501226...1.xlam

windows7-x64

PO-4501226...1.xlam

windows10-2004-x64

1

Sharing

General

Target

PO-4501226854_WJO-001.xlam.xlsx
Size

620KB
Sample

230919-qthnrshc4y
MD5

a7be43b6c0c07ca83df1b743382063a2
SHA1

857f903eba27814a5c604d90fd1cf24bbfa33860
SHA256

6eb428de0c5a04bb2c6cb00b171fa424331ba11fc1f9784380f73df5b9d324a5
SHA512

f745ab56d21df2f27ec314c1e0ac9e4653a738c4b340fdec5dec0de0f5ec1a5fe19c55471b05e9871e11ef35ab8f5d732ff3045baf2d9678f87f9b97d85489df
SSDEEP

12288:zBbXAU6ZPspN/nNi21Q8dFAHkQRMG3DmRBVvHB1CElaliRHEM+QaNgJ:zBENPsHNDFVQRMG3DSBVvh1zaliRkMqM

Score

10^/10

Static task

static1

Behavioral task

behavioral1

Sample

PO-4501226854_WJO-001.xlam

Resource

win7-20230831-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO-4501226854_WJO-001.xlam

Resource

win10v2004-20230915-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855

exe.dropper

https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855

Targets

- Target
  
  PO-4501226854_WJO-001.xlam.xlsx
- Size
  
  620KB
- MD5
  
  a7be43b6c0c07ca83df1b743382063a2
- SHA1
  
  857f903eba27814a5c604d90fd1cf24bbfa33860
- SHA256
  
  6eb428de0c5a04bb2c6cb00b171fa424331ba11fc1f9784380f73df5b9d324a5
- SHA512
  
  f745ab56d21df2f27ec314c1e0ac9e4653a738c4b340fdec5dec0de0f5ec1a5fe19c55471b05e9871e11ef35ab8f5d732ff3045baf2d9678f87f9b97d85489df
- SSDEEP
  
  12288:zBbXAU6ZPspN/nNi21Q8dFAHkQRMG3DmRBVvHB1CElaliRHEM+QaNgJ:zBENPsHNDFVQRMG3DSBVvh1zaliRkMqM
Score

10^/10
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy