Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

8

4272282d07...b5.xls

windows7-x64

10

4272282d07...b5.xls

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4272282d0702831a9b5ddd53dd11a9b5

  • Size

    36KB

  • Sample

    240105-b47nbaffar

  • MD5

    4272282d0702831a9b5ddd53dd11a9b5

  • SHA1

    9ddf5bf98a9ccdc41d9f1db284c50c75e3ecab72

  • SHA256

    3dcf79de4779775ffbe8f1e70de7c5c6c309660440318584686d3657bf6f3638

  • SHA512

    b0b4d028f4e561d1940adb36beed50fcdc8883aded3f1ad2057ad53bd1e6f3b52e2a498775f980ac582a528eb4739d41dab201bd2fdc6dc3543dc6aa678611a5

  • SSDEEP

    768:YPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJytZahqJfWmlW:Uok3hbdlylKsgqopeJBWhZFGkE+cL2Ns

Score
10/10
macroxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://statedauto.com/wp-data.php
xlm40.dropper

https://markens.online/wp-data.php

Targets

    • Target

      4272282d0702831a9b5ddd53dd11a9b5

    • Size

      36KB

    • MD5

      4272282d0702831a9b5ddd53dd11a9b5

    • SHA1

      9ddf5bf98a9ccdc41d9f1db284c50c75e3ecab72

    • SHA256

      3dcf79de4779775ffbe8f1e70de7c5c6c309660440318584686d3657bf6f3638

    • SHA512

      b0b4d028f4e561d1940adb36beed50fcdc8883aded3f1ad2057ad53bd1e6f3b52e2a498775f980ac582a528eb4739d41dab201bd2fdc6dc3543dc6aa678611a5

    • SSDEEP

      768:YPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJytZahqJfWmlW:Uok3hbdlylKsgqopeJBWhZFGkE+cL2Ns

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks