87616eac43b7a6a789f9e6c49a66ce36674ec20156a0c8e032e07731a18f30ae | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

cffadf4bee...1.xlam

windows7-x64

cffadf4bee...1.xlam

windows10-2004-x64

1

Sharing

General

Target

41b8a5aadded29c7ef57e41bb0102152.bin
Size

667KB
Sample

231029-bq26nsfg77
MD5

a427220e7bc2cc3c4e176cd43c3bb800
SHA1

db1153903a2440b9dfa10f7c1b62e6f62fac6546
SHA256

87616eac43b7a6a789f9e6c49a66ce36674ec20156a0c8e032e07731a18f30ae
SHA512

52cb615a76d6e7ea0ff3362eb7702dc412fbb142da17d8dfa1f8a5ffd7683bc087134104daae88c4e131a82819449fd733ba78339dddf6711f04fbe1fec7a39a
SSDEEP

12288:uuzi/s5z8HtbMReQvmgVksu4l3sCm3b4nKYtGNdahAEJbalQusVfwtI:uTE5ktbMReL+ksuMvm3MZc/EJOTsC2

Score

10^/10

Static task

static1

Behavioral task

behavioral1

Sample

cffadf4bee42624c634e37a15e3da2aa08cc080e359df25b39fdda5645a62f31.xlam

Resource

win7-20231023-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

cffadf4bee42624c634e37a15e3da2aa08cc080e359df25b39fdda5645a62f31.xlam

Resource

win10v2004-20231023-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://imageupload.io/ib/63jq5ylJrw9KxLq_1696608110.jpg

exe.dropper

https://imageupload.io/ib/63jq5ylJrw9KxLq_1696608110.jpg

Targets

- Target
  
  cffadf4bee42624c634e37a15e3da2aa08cc080e359df25b39fdda5645a62f31.xlsx
- Size
  
  668KB
- MD5
  
  41b8a5aadded29c7ef57e41bb0102152
- SHA1
  
  ab78de829952f86e61f2fa351ce7bddf0c4a23bb
- SHA256
  
  cffadf4bee42624c634e37a15e3da2aa08cc080e359df25b39fdda5645a62f31
- SHA512
  
  6d31fc6ce6de3ffc4cc84fe3207e10c52e5ef31986293442b0f9214dae4c914661e574b857958ff8ea290b4961b6e025a610f375bde144d47eb610bdaff487ba
- SSDEEP
  
  12288:OK+e21N8IWOpr1Mu+VXSnuM95oOVPMX6Yyhf69cHhIAIY+2AmSMIHgJjAbDs2sd:O02f8+prO1VXk5oa564kTdZHCkYz
Score

10^/10
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy