Resubmissions

29/01/2024, 04:39

240129-e973taabe9 10

29/01/2024, 02:55

240129-dew7dshgep 10

29/01/2024, 01:55

240129-ccg41sfdf2 10

29/01/2024, 01:50

240129-b9jhnsgham 3

29/01/2024, 01:26

240129-bts26sfaa4 10

General

  • Target

    excel40macroschallenge.zip

  • Size

    103KB

  • Sample

    240129-e973taabe9

  • MD5

    542ead021ed9ecab2f5b6ff0edaf2f74

  • SHA1

    f1a509cb6dc15534a0b7ee29486789557a434941

  • SHA256

    024ef55d8112d913021e2f8e38294052c40d177062afebc1b462f396c86c297b

  • SHA512

    d2e1514a891db86ec6275ffcb6f44503cedf9e4560d200eeefc3fe047e08c7769de1892b92ee71fe4663720652eb509a55c29e24e82d6deb8dbe5a741cd9cb95

  • SSDEEP

    1536:r6diRoyzKi0WAx5elOHwxvhuQcLE6/Q59VGqITfVuy03FD+/mUtzBxr:xutnmOQxvqEPHVZILVK1D+eUtX

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    https://nws.visionconsulting.ro/N1G1KCXA/dot.html

  • Source

    xlm40.dropper

  • URLs

    https://royalpalm.sparkblue.lk/vCNhYrq3Yg8/dot.html

Targets

    • Target

      excel40macroschallenge.zip

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.
