4232fc770b2046a48fde1f01c9c487529bec37e87613ad7e77ff9f0adb713f02 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

8

4232fc770b...02.doc

windows7-x64

4232fc770b...02.doc

windows10-2004-x64

Sharing

General

Target

4232fc770b2046a48fde1f01c9c487529bec37e87613ad7e77ff9f0adb713f02.doc
Size

558KB
Sample

240514-tnld9aec68
MD5

3afb331dcc492210d0030a911211d690
SHA1

51606c7b96c32d20ef4f6c7cc751120b2b40a09c
SHA256

4232fc770b2046a48fde1f01c9c487529bec37e87613ad7e77ff9f0adb713f02
SHA512

c27089aa73b500acdd6d8f3df4dc3dab228da91cca7ee68a0acdc4625e07cc5db7e602d63ba16c0818c176d40076b042a28ca37e2ef70dd2858a60b803d9e590
SSDEEP

12288:1+nE2k3y/xtOFWykjXzcUMP4xmFhNllV3hEA1/ri:UE2k3kqWy02PdFhhVxv2

Score

10^/10

execution macro macro_on_action

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

4232fc770b2046a48fde1f01c9c487529bec37e87613ad7e77ff9f0adb713f02.doc

Resource

win7-20240221-en

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

4232fc770b2046a48fde1f01c9c487529bec37e87613ad7e77ff9f0adb713f02.doc

Resource

win10v2004-20240508-en

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  4232fc770b2046a48fde1f01c9c487529bec37e87613ad7e77ff9f0adb713f02.doc
- Size
  
  558KB
- MD5
  
  3afb331dcc492210d0030a911211d690
- SHA1
  
  51606c7b96c32d20ef4f6c7cc751120b2b40a09c
- SHA256
  
  4232fc770b2046a48fde1f01c9c487529bec37e87613ad7e77ff9f0adb713f02
- SHA512
  
  c27089aa73b500acdd6d8f3df4dc3dab228da91cca7ee68a0acdc4625e07cc5db7e602d63ba16c0818c176d40076b042a28ca37e2ef70dd2858a60b803d9e590
- SSDEEP
  
  12288:1+nE2k3y/xtOFWykjXzcUMP4xmFhNllV3hEA1/ri:UE2k3kqWy02PdFhhVxv2
Score

10^/10

execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

© 2018-2025

Terms | Privacy