General

  • Target

    officeactivator.exe

  • Size

    15.2MB

  • Sample

    240504-lpvejsac7w

  • MD5

    209635421416545cb239f7484909fcf8

  • SHA1

    850fb53685bc7e70fe267aaed72f45ae7589ee03

  • SHA256

    e71d9dae0ae73ca4950fd14cc868de8ffdc25985c93b033994631271c74c98e7

  • SHA512

    c64adac9909f7c5f3e0e412b8403e2298d5698c33334f4571757c2c7276bcb820c70a7c48f7a17ccb546906007188dc798c8f3e9063faa8b00cfe7a90410bc0e

  • SSDEEP

    393216:uLoWykOEywRjHw4sxA0gnItqy0wRoEbLNKE:bkPnRjQk0OVyV6yKE

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper: http://officecdn.microsoft.com/pr/5030841d-c919-4594-8d2d-84ae4f96e58e/Office/Data/v32.cab

Targets

    • Target

      officeactivator.exe

    • Size

      15.2MB

    • MD5

      209635421416545cb239f7484909fcf8

    • SHA1

      850fb53685bc7e70fe267aaed72f45ae7589ee03

    • SHA256

      e71d9dae0ae73ca4950fd14cc868de8ffdc25985c93b033994631271c74c98e7

    • SHA512

      c64adac9909f7c5f3e0e412b8403e2298d5698c33334f4571757c2c7276bcb820c70a7c48f7a17ccb546906007188dc798c8f3e9063faa8b00cfe7a90410bc0e

    • SSDEEP

      393216:uLoWykOEywRjHw4sxA0gnItqy0wRoEbLNKE:bkPnRjQk0OVyV6yKE

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks