476f9322d9d5011a29c655d29f5ebe5ab0bdf38c3490491b46fb43efac796301 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

8

476f9322d9...01.xls

windows7-x64

476f9322d9...01.xls

windows10-2004-x64

Sharing

General

Target

476f9322d9d5011a29c655d29f5ebe5ab0bdf38c3490491b46fb43efac796301
Size

134KB
Sample

240517-e973tahf7w
MD5

b7a3aa028067fd7c7e781a5a451fbbc2
SHA1

34ec187027cfe5b922954473fed4f4693935bd64
SHA256

476f9322d9d5011a29c655d29f5ebe5ab0bdf38c3490491b46fb43efac796301
SHA512

70de2d12ef3b1709428a17b864cf50a9da99a6b58cffd757e7bd9242e33b5eab9c20068dc3ac62a4b6bc0db03526dc3022f638ae1ca1e44a3ed2ce8841e717f0
SSDEEP

3072:s+Q+A64l7VX1TnRrpXJ0eQm02RxHFk3hOdsylKlgryzc4bNhZFGzE+cL2knmPRfv:s+Q+A64l7VX1TnRrpXJ0eQm02RxHFk3U

Score

10^/10

execution macro macro_on_action

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

476f9322d9d5011a29c655d29f5ebe5ab0bdf38c3490491b46fb43efac796301.xls

Resource

win7-20240221-en

windows7-x64

13 signatures

60 seconds

Behavioral task

behavioral2

Sample

476f9322d9d5011a29c655d29f5ebe5ab0bdf38c3490491b46fb43efac796301.xls

Resource

win10v2004-20240508-en

windows10-2004-x64

11 signatures

60 seconds

Malware Config

Targets

- Target
  
  476f9322d9d5011a29c655d29f5ebe5ab0bdf38c3490491b46fb43efac796301
- Size
  
  134KB
- MD5
  
  b7a3aa028067fd7c7e781a5a451fbbc2
- SHA1
  
  34ec187027cfe5b922954473fed4f4693935bd64
- SHA256
  
  476f9322d9d5011a29c655d29f5ebe5ab0bdf38c3490491b46fb43efac796301
- SHA512
  
  70de2d12ef3b1709428a17b864cf50a9da99a6b58cffd757e7bd9242e33b5eab9c20068dc3ac62a4b6bc0db03526dc3022f638ae1ca1e44a3ed2ce8841e717f0
- SSDEEP
  
  3072:s+Q+A64l7VX1TnRrpXJ0eQm02RxHFk3hOdsylKlgryzc4bNhZFGzE+cL2knmPRfv:s+Q+A64l7VX1TnRrpXJ0eQm02RxHFk3U
Score

10^/10

execution
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- An obfuscated cmd.exe command-line is typically used to evade detection.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.