General

  • Target

    ac0600573668d313abdbaf51bcaa2425da8ec9dafbedf876eca44445b507e55c

  • Size

    44KB

  • Sample

    240704-1gpxeszglq

  • MD5

    3f943099acc31f5945e685b665679759

  • SHA1

    3a562cffa6a09468c360d8cebf3abc6652a0259c

  • SHA256

    ac0600573668d313abdbaf51bcaa2425da8ec9dafbedf876eca44445b507e55c

  • SHA512

    b4df9e421c105b59ef4ad000b468f2f658c16eb27ab6677428f0c9a452d3c97e29038b8fc44abef9820585c29d3f902b66fbf46500e68cce4abb9e3ab03cd716

  • SSDEEP

    768:7ltvoxHl8kkhzOjugt643rUdc1um4GKt+cL23dA7q48uGCWeuF6mQQccvJ9ac29I:7Ml8kkhzOjugt643rGc1um4GKt+cL23F

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • ps1.dropper

    https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1

Targets

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory
