Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

QUOTATION.xlam

windows7-x64

10

QUOTATION.xlam

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    QUOTATION.xlam

  • Size

    614KB

  • Sample

    231006-rp4wwacg6s

  • MD5

    50a1039bea7bf6220fd06559c0a5be20

  • SHA1

    91c6d52784cf54457cc5cdb67ef2d3f404100786

  • SHA256

    e01c99c34b581a13f712ab7f5c5d01dd34a06c74fb05bc638aee86552173c787

  • SHA512

    21589d2183af49ad2e27d1bfd18cfcd898b8c87388c691589e4201eb9d1a7373873640ca1935798ecd5be4b75209a67b26d219e069aab66d8c55f20f64a3004f

  • SSDEEP

    12288:r/guhDtOw8C/QFomz+KZXkPQ/WJTAp1ux+8hgjRbCNP4s:r4Ycw8gNQZCo/ul+9RbYPt

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937
exe.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

Targets

    • Target

      QUOTATION.xlam

    • Size

      614KB

    • MD5

      50a1039bea7bf6220fd06559c0a5be20

    • SHA1

      91c6d52784cf54457cc5cdb67ef2d3f404100786

    • SHA256

      e01c99c34b581a13f712ab7f5c5d01dd34a06c74fb05bc638aee86552173c787

    • SHA512

      21589d2183af49ad2e27d1bfd18cfcd898b8c87388c691589e4201eb9d1a7373873640ca1935798ecd5be4b75209a67b26d219e069aab66d8c55f20f64a3004f

    • SSDEEP

      12288:r/guhDtOw8C/QFomz+KZXkPQ/WJTAp1ux+8hgjRbCNP4s:r4Ycw8gNQZCo/ul+9RbYPt

    Score
    10/10

    • Blocklisted process makes network request

    • Drops startup file

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks