Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
ac0600573668d313abdbaf51bcaa2425da8ec9dafbedf876eca44445b507e55c
-
Size
44KB
-
Sample
240704-1gpxeszglq
-
MD5
3f943099acc31f5945e685b665679759
-
SHA1
3a562cffa6a09468c360d8cebf3abc6652a0259c
-
SHA256
ac0600573668d313abdbaf51bcaa2425da8ec9dafbedf876eca44445b507e55c
-
SHA512
b4df9e421c105b59ef4ad000b468f2f658c16eb27ab6677428f0c9a452d3c97e29038b8fc44abef9820585c29d3f902b66fbf46500e68cce4abb9e3ab03cd716
-
SSDEEP
768:7ltvoxHl8kkhzOjugt643rUdc1um4GKt+cL23dA7q48uGCWeuF6mQQccvJ9ac29I:7Ml8kkhzOjugt643rGc1um4GKt+cL23F
Behavioral task
behavioral1
Sample
ac0600573668d313abdbaf51bcaa2425da8ec9dafbedf876eca44445b507e55c.xls
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
ac0600573668d313abdbaf51bcaa2425da8ec9dafbedf876eca44445b507e55c.xls
Resource
win10v2004-20240704-en
Malware Config
Extracted
https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1
Targets
-
-
Target
ac0600573668d313abdbaf51bcaa2425da8ec9dafbedf876eca44445b507e55c
-
Size
44KB
-
MD5
3f943099acc31f5945e685b665679759
-
SHA1
3a562cffa6a09468c360d8cebf3abc6652a0259c
-
SHA256
ac0600573668d313abdbaf51bcaa2425da8ec9dafbedf876eca44445b507e55c
-
SHA512
b4df9e421c105b59ef4ad000b468f2f658c16eb27ab6677428f0c9a452d3c97e29038b8fc44abef9820585c29d3f902b66fbf46500e68cce4abb9e3ab03cd716
-
SSDEEP
768:7ltvoxHl8kkhzOjugt643rUdc1um4GKt+cL23dA7q48uGCWeuF6mQQccvJ9ac29I:7Ml8kkhzOjugt643rGc1um4GKt+cL23F
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-