Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Readme/readme+.txt

windows11-21h2-x64

3

Readme/readme.txt

windows11-21h2-x64

3

Setup/Offi...86.exe

windows11-21h2-x64

10

Setup/Offi...86.exe

windows11-21h2-x64

10

Setup/Offi...r+.exe

windows11-21h2-x64

10

Setup/Offi...er.exe

windows11-21h2-x64

10

Resubmissions

17/05/2024, 18:01

240517-wlx2dabf85 10

17/05/2024, 17:59

240517-wk1e4sbe9x 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TG_RBModsPC_Office_Installer_Plus_1.15.rar

  • Size

    23.7MB

  • Sample

    240517-wlx2dabf85

  • MD5

    659a8625e2d283ebfbd104e429f73d2c

  • SHA1

    15fdd8e5970585fb7bebf019ef43dbca68d7e083

  • SHA256

    d257ccb871f76dc160811fcfce87770bbced5aa97dbcb7c7912ebbccd353fca4

  • SHA512

    1d8c014f634d60ced6a1668abfdeacf9f4e498ee8925d7c337dd6d879b90e64a1e2986f9892c51f2b2c0d919a8a10a0f9dde7b14637d41f1fcee163ab5b3b05f

  • SSDEEP

    393216:4Q4K/n6zJCFHa+uLT2/m4L6ifs93Pf+qlHQ2igzbGOCayNQo07JRrtadSFOjIgPh:4M60H3uLC/m4zfyPffKDe/w0jtaEFOVZ

Score
10/10
execution

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://mrodevicemgr.officeapps.live.com/mrodevicemgrsvc/api/v2/C2RReleaseData

Targets

    • Target

      Readme/readme+.txt

    • Size

      5KB

    • MD5

      21ddaf92fae1fcf477c41a1392e3d4ce

    • SHA1

      8f51fb7b5b58819a92a946b99027b2b3d16b5a87

    • SHA256

      94cdda717e8e64dcc763b2b7c2560d0b5cb0cc0c3e2e38c1b2a5d24488d19a86

    • SHA512

      9e54f2885886104509b2af7db83ffdd304aa821773d8bcbf29b0011b5e6e01ec27ac9f02a41f815298cb7b658986094bbd0b1ea74ac48eaff172f2a8b765f199

    • SSDEEP

      96:wi+XsfKONoUq9SCjCdaKWXEvIlP0bSZP3RinY3r8no:wi0skCdPWX1RI4PBsY7so

    Score
    3/10
    behavioral1

    • Target

      Readme/readme.txt

    • Size

      5KB

    • MD5

      55e29d2e521ef2bb8bf9fcd7f53e15df

    • SHA1

      c098f55f979f6f090f3d25fedc35eda1bc6c22f5

    • SHA256

      4f92c7ae46dfa18ac2628d22e29f593776fbccb5b9cb23b78a988388941b703d

    • SHA512

      dc6da1ecda7074658d431f4ec93f41a1e7ec89f213561784e08019b4bbc78cbf203773ea714a0c0d3f51cda23345686acc2b11eb41d8dc8a919b9a708fb125f4

    • SSDEEP

      96:wi+EfKONoUq9SCtCdaKWX6vIlP0bSZP3RBnYQoo:wiN6CdPWXrRI4PBVY7o

    Score
    3/10
    behavioral2

    • Target

      Setup/Office Installer x86.exe

    • Size

      9.0MB

    • MD5

      c2f8f016aa58b9a0be33378f911185df

    • SHA1

      c043b1630742ce321fcff02946ca2e6e758c6325

    • SHA256

      621bc8871ab00c23151a99f2ea4c2dbadd55b86eae623fc4370276e0897ae5b8

    • SHA512

      4c431246f01b974e3ad2a06ed90d0ee824a3c9338246c99a13a0ec8dea9fbcd9da5aa65a991ea74f9359954ca9b0a0039bde95060c4831cefe05d920c8530419

    • SSDEEP

      196608:PLivur4OIag6AiQBhyQbEAkZQdnkW9AVSGfGIJXcaI6HMaJTtGb:PLiv6Iazyyu4JfdJX

    Score
    10/10
    execution

    • Blocklisted process makes network request

    behavioral3

    • Target

      Setup/Office Installer+ x86.exe

    • Size

      9.0MB

    • MD5

      bb47521d553de207b420f7a16dddf152

    • SHA1

      ed2fb53becb4b161d58bd90ea42211751bc36c78

    • SHA256

      167fb686a8182b4380c699306a3c533eb3c264665925ad086329a752e0b2bde1

    • SHA512

      e0cda4ddccc70b9791a74b27a3c2b3453cbfa1d2a7e78fdb44c3150e90dea061b324e6b76e56a8ef6af7268516fbc97ee278e870b720a4a08887576b09b52801

    • SSDEEP

      196608:G73STvxTfg6AiQBhyQbEAkZQdnkW9AVSGfGIJXvaI6HMaJTtGb:G73ATfzyyu4JfdJX

    Score
    10/10
    execution

    • Blocklisted process makes network request

    behavioral4

    • Target

      Setup/Office Installer+.exe

    • Size

      9.6MB

    • MD5

      5d778ef245c57636e7456bc2d0ab86be

    • SHA1

      5ef75a1c46b8c78d252b7773e8b1fd8e3f2457d5

    • SHA256

      800e51be14194fd472568884784495e90d656759f741dd1445738f30bc23e78a

    • SHA512

      0da9923005e816b3c30367b6333c22e8f52b44f35d869e768e64e92da53a1447d978e264ca826ef3b370c003bdbd04df94fa882089a0744012f30a991ca119b7

    • SSDEEP

      196608:FQuGJDertzhHtN1KvnC7g6AiQBhyQbEAkZQdnkW9AVSGfGIJX0aI6HMaJTtGb:FQuGJDeZ91cC7zyyu4JfdJX

    Score
    10/10
    execution

    • Blocklisted process makes network request

    behavioral5

    • Target

      Setup/Office Installer.exe

    • Size

      9.6MB

    • MD5

      d43cb14713d0b1b610edbd6396ebedfc

    • SHA1

      30942a567ba57fb984f56b5e37ec829e5afb5417

    • SHA256

      897c40d0bb5a97d188c358b378546da7bad799f97cfdb5af1bcd9661472ad859

    • SHA512

      7cdb7f6e5c021d668b4c43b25374e2a5938ec59d975a7484e49ccef8e4cb9263e4562a0421c4a63fbfa38211cc7d090d018bd3e0d9bc1912474fa67aa70f993f

    • SSDEEP

      196608:DKepgxe27i5t0xgE9Sg6AiQBhyQbEAkZQdnkW9AVSGfGIJXZaI6HMaJTtGb:DKepgxeWxxZSzyyu4JfdJX

    Score
    10/10
    execution

    • Blocklisted process makes network request

    behavioral6

MITRE ATT&CK Enterprise v15

Tasks