304504a8551a6f71df38528b02d9b1537b06d4fb2b2cbd55833fdee0eb8b7266 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

8

304504a855...66.xls

windows7-x64

304504a855...66.xls

windows10-2004-x64

Sharing

General

Target

304504a8551a6f71df38528b02d9b1537b06d4fb2b2cbd55833fdee0eb8b7266
Size

138KB
Sample

240515-c4t8nadc6x
MD5

21938d9f68f3f0d68836b8f5d5763c51
SHA1

a8b51a4887b792cf9f4e139af90644431189f607
SHA256

304504a8551a6f71df38528b02d9b1537b06d4fb2b2cbd55833fdee0eb8b7266
SHA512

440635a597e8fa90933ad77a6baaa5e6a4d5e09238f4fe06ed6cf4db66bef9245b3fc8f908b25d51cf52c1398732c1dbbf7e80c3b6e3ca37ba360d432d3c76ae
SSDEEP

3072:i+Q+A64l7VX1TnRrpXJ0eQm02RxHFk3hOdsylKlgryzc4bNhZFGzE+cL2knmwd13:i+Q+A64l7VX1TnRrpXJ0eQm02RxHFk37

Score

10^/10

execution macro macro_on_action

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

304504a8551a6f71df38528b02d9b1537b06d4fb2b2cbd55833fdee0eb8b7266.xls

Resource

win7-20240221-en

windows7-x64

13 signatures

60 seconds

Behavioral task

behavioral2

Sample

304504a8551a6f71df38528b02d9b1537b06d4fb2b2cbd55833fdee0eb8b7266.xls

Resource

win10v2004-20240508-en

windows10-2004-x64

11 signatures

60 seconds

Malware Config

Targets

- Target
  
  304504a8551a6f71df38528b02d9b1537b06d4fb2b2cbd55833fdee0eb8b7266
- Size
  
  138KB
- MD5
  
  21938d9f68f3f0d68836b8f5d5763c51
- SHA1
  
  a8b51a4887b792cf9f4e139af90644431189f607
- SHA256
  
  304504a8551a6f71df38528b02d9b1537b06d4fb2b2cbd55833fdee0eb8b7266
- SHA512
  
  440635a597e8fa90933ad77a6baaa5e6a4d5e09238f4fe06ed6cf4db66bef9245b3fc8f908b25d51cf52c1398732c1dbbf7e80c3b6e3ca37ba360d432d3c76ae
- SSDEEP
  
  3072:i+Q+A64l7VX1TnRrpXJ0eQm02RxHFk3hOdsylKlgryzc4bNhZFGzE+cL2knmwd13:i+Q+A64l7VX1TnRrpXJ0eQm02RxHFk37
Score

10^/10

execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- An obfuscated cmd.exe command-line is typically used to evade detection.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

© 2018-2025

Terms | Privacy