General

  • Target

    BL384046.xls

  • Size

    1.1MB

  • Sample

    231005-p88m3abc4w

  • MD5

    2e23100c5aec0677e59c67a91a65f866

  • SHA1

    44a6b4bd21d112323e09d34377a4d4da790678ee

  • SHA256

    0b6fb77ce47570600e62ff20a47b545ea4a43c24b68960d23e654fbd78eb3354

  • SHA512

    e1ced652d23942fe93f44d89f4d4d12029ed16c2e36f41f138d41ac9d7fe0604ab78040da0bf8cbe68454277535d0a25bb498c7af52a29a01ccacd710d0c82d2

  • SSDEEP

    24576:AWQmmav30x6Zy7w6VZmIUDUZyfw6VukJUKokM9n8UIfExsdeI5jPwUx:VQmmQ30qf6VRL6V/e8rfxdeI5Tf

Score
8/10

Malware Config

Targets

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks