General

  • Target

    Credit confirmation.xls

  • Size

    457KB

  • Sample

    240510-jlz5hsed94

  • MD5

    03b89a4337a09bc5d200b16ef43c8ec6

  • SHA1

    e8154021f60ce06b321259df461e9bbfa468f345

  • SHA256

    121b5365768697cce30074b9097cccecced51feb5f991d89574cb8f0626c4804

  • SHA512

    337a96b68af23dbb07a0a22b82733f07a2b024ef4250326ed043528ea4b4ede82d9e1d873943487d73c185e5d47d6540a920682cfbbe8bd0c5ce7106b55e0b2d

  • SSDEEP

    6144:ZZ+RwPONXoRjDhIcp0fDlavx+W26nAamxDun9zvCp4sJgXDHBMixiMK6G+ZFrTe2:kxu9bCfgXjpozwjTyYviDGnlQBs9zek

  • Score

    10/10

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Abuses OpenXML format to download file from external location

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
