ddd653729d1e255bc3828d5b021f46ce19c87deb6589846e1f39b931c1a59bb0 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

Remitted P...s.xlam

windows7-x64

Remitted P...s.xlam

windows10-2004-x64

1

Sharing

General

Target

Remitted Payments.xlam.xlsx
Size

727KB
Sample

231012-qaccmsba7x
MD5

f4d150cfd76b9358e4e27cb4730d9eaa
SHA1

c413eada17c6be4cf84e0a71d327ddbd8e27d9d1
SHA256

ddd653729d1e255bc3828d5b021f46ce19c87deb6589846e1f39b931c1a59bb0
SHA512

372baaf260b8dec3202d425c6ca115d34774a5ab3ffb947add0f3906bb2ca219916a752274223add00dc10b59945ffd44340c695ffd7c61f09c1ac573ef26c37
SSDEEP

12288:nY1o/ojZzT4YPBoNaMTRdOk5CnoCAGjolAqQkEMrO6b/cEEARG3Ly:P/ojZ34YObTRdR5CFAd6kEMrNcEHRG3+

Score

10^/10

Static task

static1

Behavioral task

behavioral1

Sample

Remitted Payments.xlam

Resource

win7-20230831-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Remitted Payments.xlam

Resource

win10v2004-20230915-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

exe.dropper

https://uploaddeimagens.com.br/images/004/616/609/original/rump_vbs.jpg?1695408937

Targets

- Target
  
  Remitted Payments.xlam.xlsx
- Size
  
  727KB
- MD5
  
  f4d150cfd76b9358e4e27cb4730d9eaa
- SHA1
  
  c413eada17c6be4cf84e0a71d327ddbd8e27d9d1
- SHA256
  
  ddd653729d1e255bc3828d5b021f46ce19c87deb6589846e1f39b931c1a59bb0
- SHA512
  
  372baaf260b8dec3202d425c6ca115d34774a5ab3ffb947add0f3906bb2ca219916a752274223add00dc10b59945ffd44340c695ffd7c61f09c1ac573ef26c37
- SSDEEP
  
  12288:nY1o/ojZzT4YPBoNaMTRdOk5CnoCAGjolAqQkEMrO6b/cEEARG3Ly:P/ojZ34YObTRdR5CFAd6kEMrNcEHRG3+
Score

10^/10
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy