General

  • Target

    a11bd2bde079c17dc7b6793404f812830e99af2883f33ee49c01bc8c85751d50_JC.xll

  • Size

    12KB

  • Sample

    231011-rdlk6abh2x

  • MD5

    ad86b0520d48a0b530915850244f196b

  • SHA1

    2d28250d44de5ce82ded47bfb29a8ae6353a3fa4

  • SHA256

    a11bd2bde079c17dc7b6793404f812830e99af2883f33ee49c01bc8c85751d50

  • SHA512

    138934773d669a60900a82ee011f781576dc82275b4c62e696472e1d5890c2b155bf60ecab4eefc1345d4c42fe125078013ee242b8581f28ad735cb288cb1a39

  • SSDEEP

    192:uU5z9iLjq2pJk+/qcJklyJOEd8LsWGQwrgAh:3z9AbJH/IwJOs3/QwrgC

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source

Targets

    • Target

      a11bd2bde079c17dc7b6793404f812830e99af2883f33ee49c01bc8c85751d50_JC.xll

    • Size

      12KB

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL
