7be80d364613ec31e3d4bed89f849c96ec820187c6f5a524c4869e3012971952 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

NEAS.7be80...C.xlam

windows7-x64

NEAS.7be80...C.xlam

windows10-2004-x64

1

Sharing

General

Target

NEAS.7be80d364613ec31e3d4bed89f849c96ec820187c6f5a524c4869e3012971952xlsx_JC.zip
Size

706KB
Sample

231006-rynw1sda8z
MD5

010ac5aa486e123584b06d48acb633d7
SHA1

4d16403e148cbd35d815bf3a78da11b4b64249bb
SHA256

7be80d364613ec31e3d4bed89f849c96ec820187c6f5a524c4869e3012971952
SHA512

e75b119d348a09f9c7ace8f7f84c577b9c0e9e2a8cd690cb162745c33809d3cae82d2ae14467e4217de06ac35b68b664ad61bfcd8f515242336a4f5649349618
SSDEEP

12288:7WnWMgJAxjJLUtVbzKCkr7u9wkN+brQzb2VLCmpA9Y:afE0XuT2bpA2

Score

10^/10

Static task

static1

Behavioral task

behavioral1

Sample

NEAS.7be80d364613ec31e3d4bed89f849c96ec820187c6f5a524c4869e3012971952xlsx_JC.xlam

Resource

win7-20230831-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.7be80d364613ec31e3d4bed89f849c96ec820187c6f5a524c4869e3012971952xlsx_JC.xlam

Resource

win10v2004-20230915-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

exe.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

Targets

- Target
  
  NEAS.7be80d364613ec31e3d4bed89f849c96ec820187c6f5a524c4869e3012971952xlsx_JC.zip
- Size
  
  706KB
- MD5
  
  010ac5aa486e123584b06d48acb633d7
- SHA1
  
  4d16403e148cbd35d815bf3a78da11b4b64249bb
- SHA256
  
  7be80d364613ec31e3d4bed89f849c96ec820187c6f5a524c4869e3012971952
- SHA512
  
  e75b119d348a09f9c7ace8f7f84c577b9c0e9e2a8cd690cb162745c33809d3cae82d2ae14467e4217de06ac35b68b664ad61bfcd8f515242336a4f5649349618
- SSDEEP
  
  12288:7WnWMgJAxjJLUtVbzKCkr7u9wkN+brQzb2VLCmpA9Y:afE0XuT2bpA2
Score

10^/10
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy