General

  • Target: 07337dad154b1acb78f508f9614a7573.bin
  • Size: 415KB
  • Sample: 240707-bcy7vs1fpf
  • MD5: 633fff9f3d87c903948ff0f7d4f15b7c
  • SHA1: 52d985754e15b11c7f5ff01a5ace2fe9b47a0456
  • SHA256: 509083017c195ec73a47e614c455e43837d2c0c306d8fdc13021fd04c30febf9
  • SHA512: fa21fa7672295de045f8678dffbc1cfb8d6418dd169574c8e0c3aa9596c147488d9f526cfb05e223407a4819ef18fcebaf7d62734354a28530cb841d9b8ee7df
  • SSDEEP: 12288:UyuC3oPyMXgT+q75YCSpNUFDIXqHaJVQkENhmNV9h0B:FR4HXJq4lgaJzETmP9hy
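Added example, not part of the tria.ge report: a small Python check that streams a file through the four digest algorithms listed above in a single read and compares the result with the report's indicators, treating SHA-256 as the deciding digest (MD5 and SHA-1 only corroborate, since both are collision-prone). The digests are copied from this page; the helper names and the bytes used to exercise the matcher are assumptions. SSDEEP is left out because it needs a non-standard library and fuzzy scores are compared differently.

```python
import hashlib
import io

# Digests copied from this report: the submitted .bin and the "inquiry MTO-PILZ-TF-8531" target.
REPORT_HASHES = {
    "07337dad154b1acb78f508f9614a7573.bin": {
        "md5": "633fff9f3d87c903948ff0f7d4f15b7c",
        "sha1": "52d985754e15b11c7f5ff01a5ace2fe9b47a0456",
        "sha256": "509083017c195ec73a47e614c455e43837d2c0c306d8fdc13021fd04c30febf9",
        "sha512": "fa21fa7672295de045f8678dffbc1cfb8d6418dd169574c8e0c3aa9596c147488d9f526cfb05e223407a4819ef18fcebaf7d62734354a28530cb841d9b8ee7df",
    },
    "inquiry MTO-PILZ-TF-8531": {
        "md5": "996967065e5478555d9c4bf0838f6fd0",
        "sha1": "8c07156945c2c55d61df66ff9ee0f2d6c598a6a4",
        "sha256": "158644533c0c9683e8c8da4cfafd48eb05164ae25bb0e5f433ed23aec8a7464e",
        "sha512": "39c11818eae917356cd178476c2b55c67ca209246e11f0115999ae50e5f7fc6adc1d375ff974ef8020ccb25a1ad474a094f20625db4f741c902fdcf182e1e18e",
    },
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(fobj, chunk_size=1 << 20):
    """Hash a file object once, feeding every algorithm from the same read loop."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for block in iter(lambda: fobj.read(chunk_size), b""):
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Convenience wrapper for in-memory samples (used for testing)."""
    return digest_stream(io.BytesIO(data))


def digest_file(path):
    with open(path, "rb") as f:
        return digest_stream(f)


def match_report(digests, known=REPORT_HASHES):
    """Compare computed digests with each report entry.

    Returns {entry_name: status}: "match" when SHA-256 and every other digest the
    entry lists agree, "inconsistent" when only some agree (a mislabelled entry or
    a weak-hash collision); entries with no agreement at all are omitted.
    """
    result = {}
    for name, expected in known.items():
        agreeing = {a for a in ALGOS if a in expected and expected[a] == digests.get(a)}
        if not agreeing:
            continue
        if "sha256" in agreeing and agreeing == set(expected):
            result[name] = "match"
        else:
            result[name] = "inconsistent"
    return result


if __name__ == "__main__":
    import sys
    d = digest_file(sys.argv[1])
    for a in ALGOS:
        print(f"{a:7} {d[a]}")
    print(match_report(d) or "no report entry matches")
```

Run it as `python check.py sample.bin`; an "inconsistent" result means the file agrees with a report entry on a weak digest but not on SHA-256, which is worth a second look rather than a shrug.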

Score
10/10

Malware Config

Targets

    • Target: inquiry MTO-PILZ-TF-8531
    • Size: 430KB
    • MD5: 996967065e5478555d9c4bf0838f6fd0
    • SHA1: 8c07156945c2c55d61df66ff9ee0f2d6c598a6a4
    • SHA256: 158644533c0c9683e8c8da4cfafd48eb05164ae25bb0e5f433ed23aec8a7464e
    • SHA512: 39c11818eae917356cd178476c2b55c67ca209246e11f0115999ae50e5f7fc6adc1d375ff974ef8020ccb25a1ad474a094f20625db4f741c902fdcf182e1e18e
    • SSDEEP: 12288:U6NCL1OGQpozwjTqCfgn+/doG59yeXWWeIgpWpKhNSB:U6NC5rFWWCfgnkdoG59ye5cIOS

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

      Writing a thread context into another process (typically one created suspended) is a common step in process hollowing and other code-injection techniques.
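Added example, not tria.ge's code: a toy evaluator that re-implements the signatures listed above over a constructed event trace, to show what each one keys on (an MZ header on bytes written or downloaded, a dropped path later executed or loaded as a DLL, a write to System32, a thread-context write into another process, and the "AU3!EA06" marker that compiled AutoIt v3 scripts embed in their script resource). The event schema, the macro-host and blocklisted-process lists, and the trace itself are assumptions; the real sandbox rules are considerably richer.

```python
from dataclasses import dataclass

# Hypothetical policy lists: the report does not publish the sandbox's own lists.
MACRO_HOSTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
EXPECTED_CHILDREN = {"splwow64.exe"}          # children a macro host may legitimately spawn
BLOCKLISTED = {"mshta.exe", "regsvr32.exe", "rundll32.exe", "powershell.exe"}
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Event:
    """One record from a constructed sandbox trace (not tria.ge's event format)."""
    kind: str            # process | file_write | load_dll | network | api
    pid: int
    image: str           # image name of the acting process
    parent: str = ""     # process: image name of the parent
    path: str = ""       # process/file_write/load_dll: on-disk path
    data: bytes = b""    # file_write/network: bytes written or received
    api: str = ""        # api: name of the call
    target_pid: int = 0  # api: process the call acts on


def is_pe(data: bytes) -> bool:
    """Cheap MZ-header check; enough to flag an executable download or drop."""
    return data[:2] == b"MZ"


def is_autoit(data: bytes) -> bool:
    """Compiled AutoIt v3 scripts carry the 'AU3!EA06' marker in their script resource."""
    return is_pe(data) and b"AU3!EA06" in data


def evaluate(events):
    """Return the set of signature names the trace triggers."""
    hits = set()
    dropped = {}   # lowercased path -> bytes written earlier in the trace
    for e in events:
        img, path = e.image.lower(), e.path.lower()
        if e.kind == "file_write":
            dropped[path] = e.data
            if path.startswith(SYSTEM32):
                hits.add("Drops file in System32 directory")
            if is_autoit(e.data):
                hits.add("AutoIT Executable")
        elif e.kind == "process":
            if e.parent.lower() in MACRO_HOSTS and img not in EXPECTED_CHILDREN:
                hits.add("Process spawned unexpected child process")
            if path in dropped and is_pe(dropped[path]):
                hits.add("Executes dropped EXE")
        elif e.kind == "load_dll":
            if path in dropped:
                hits.add("Loads dropped DLL")
        elif e.kind == "network":
            if img in BLOCKLISTED:
                hits.add("Blocklisted process makes network request")
            if is_pe(e.data):
                hits.add("Downloads MZ/PE file")
        elif e.kind == "api":
            # Writing a thread context into another process is the hollowing tell.
            if e.api == "SetThreadContext" and e.target_pid != e.pid:
                hits.add("Suspicious use of SetThreadContext")
    return hits


def sample_trace():
    """Constructed trace modelled on the report's signature list; nothing here is real telemetry."""
    au3 = b"MZ" + b"\x00" * 64 + b"AU3!EA06" + b"\x00" * 32   # stand-in for a compiled AutoIt PE
    return [
        Event("process", 100, "winword.exe", parent="explorer.exe", path="c:\\office\\winword.exe"),
        Event("process", 200, "inquiry.exe", parent="winword.exe", path="c:\\users\\u\\inquiry.exe"),
        Event("file_write", 200, "inquiry.exe", path="C:\\Users\\u\\AppData\\svc.exe", data=au3),
        Event("file_write", 200, "inquiry.exe", path="C:\\Users\\u\\AppData\\helper.dll", data=b"MZ\x90\x00"),
        Event("process", 300, "svc.exe", parent="inquiry.exe", path="c:\\users\\u\\appdata\\svc.exe"),
        Event("load_dll", 300, "svc.exe", path="C:\\Users\\u\\AppData\\helper.dll"),
        Event("network", 300, "svc.exe", data=b"MZ" + b"\x00" * 16),
        Event("file_write", 300, "svc.exe", path="C:\\Windows\\System32\\drivers\\etc\\x.dat", data=b"x"),
        Event("api", 300, "svc.exe", api="SetThreadContext", target_pid=301),
        Event("network", 400, "mshta.exe", data=b"<html>"),
    ]


if __name__ == "__main__":
    for sig in sorted(evaluate(sample_trace())):
        print("HIT:", sig)
```

The point to take from the structure is that several of these signatures are stateful: "Executes dropped EXE" and "Loads dropped DLL" only fire because an earlier file write was remembered, so any detection you port to your own telemetry needs the file-creation events joined to the process and image-load events by path (and ideally by hash, since an attacker can overwrite a path between the write and the execute).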

MITRE ATT&CK Enterprise v15

Tasks