Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Behavioral task
behavioral1
Sample
986f079a4cfbf1a1de688c8853a0100f5b1178f734d6af75cbd97276e175b800.xls
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
986f079a4cfbf1a1de688c8853a0100f5b1178f734d6af75cbd97276e175b800.xls
Resource
win10v2004-20231215-en
General
-
Target
986f079a4cfbf1a1de688c8853a0100f5b1178f734d6af75cbd97276e175b800.zip
-
Size
686KB
-
MD5
3e63cc9641bfd0d687216d064a5d283b
-
SHA1
28606eb29192a20a6058ce61e55bc8ebb4c2bb7a
-
SHA256
6395caa0a9640b4d9fcda69615140343397e034a4029b5384942dcae9b203523
-
SHA512
5b72f94cef8d724f21ae42486c748f342bfbdeeb9d6ae77064d296742ba170d474677feb829cfcb7ff55ed082b7a57bf45f0164c78fedf60f80930780918eb54
-
SSDEEP
12288:N/SJL4dAmONUoCvqLvMxLeBvXvzKQyoeDIBAE1nMF+yM/gegd:NKJL4m9U5e6iB3zKQnQIB7hMF+yReo
Malware Config
Signatures
-
Office macro that triggers on suspicious action 1 IoCs
Office document macro which triggers in special circumstances - often malicious.
resource yara_rule static1/unpack001/986f079a4cfbf1a1de688c8853a0100f5b1178f734d6af75cbd97276e175b800.xls office_macro_on_action -
resource static1/unpack001/986f079a4cfbf1a1de688c8853a0100f5b1178f734d6af75cbd97276e175b800.xls
Files
-
986f079a4cfbf1a1de688c8853a0100f5b1178f734d6af75cbd97276e175b800.zip.zip
Password: infected
-
986f079a4cfbf1a1de688c8853a0100f5b1178f734d6af75cbd97276e175b800.xls.doc .xls windows office2003
ThisDocument
ExtCollection
frmAbout
frmConfigTables
frmEditVariables
frmHelpID
frmMedTraceSettings
frmReqKey
frmReqRea
frmRiskEvaluation
frmUpdateFieldError
mbReqKeyReqRea
mbCommandBar
mbConfigTables
mbCoverPage
WordWrapper
mbCV_RiskEvaluation
mbEditVariables
ViewResetter
mbWindowsAPI
mbGlobalFunctions
mbHelpID
mbFunctions
mbImportData
mbInitDocument
mbReviewReport
mbCV_RiskClass
mbUpdateFields
mbCodeReview
mbNormal
mbReviewReport1
mbMedTraceOutput
mbProperties
mbSortTorAndTorr
mbUncName
mbGlobalDefinitions
mbHelpLinks
mbInsert
mbMenus
mbLandscape