General

  • Target

    4232fc770b2046a48fde1f01c9c487529bec37e87613ad7e77ff9f0adb713f02.doc

  • Size

    558KB

  • Sample

    240514-tnld9aec68

  • MD5

    3afb331dcc492210d0030a911211d690

  • SHA1

    51606c7b96c32d20ef4f6c7cc751120b2b40a09c

  • SHA256

    4232fc770b2046a48fde1f01c9c487529bec37e87613ad7e77ff9f0adb713f02

  • SHA512

    c27089aa73b500acdd6d8f3df4dc3dab228da91cca7ee68a0acdc4625e07cc5db7e602d63ba16c0818c176d40076b042a28ca37e2ef70dd2858a60b803d9e590

  • SSDEEP

    12288:1+nE2k3y/xtOFWykjXzcUMP4xmFhNllV3hEA1/ri:UE2k3kqWy02PdFhhVxv2

Targets

    • Target

      4232fc770b2046a48fde1f01c9c487529bec37e87613ad7e77ff9f0adb713f02.doc

    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
