Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
e1fd15634a2886d0ac9574f1c462c895e374a5f8b8a88321a6242abed400f111
-
Size
44KB
-
Sample
240708-2enr1svcle
-
MD5
c75e74d9a3c2057a5f53f4eed1fd7d52
-
SHA1
06279205c38c809a596bc25c3ebade01a1aaf55f
-
SHA256
e1fd15634a2886d0ac9574f1c462c895e374a5f8b8a88321a6242abed400f111
-
SHA512
a8b8ea46df6bf43bda2d23b4943b8732cc69f6404c839649570c42004a919fe668a19760bb4ea363b7e023f291a1c358f4041b0ca1c3868632444e563166382b
-
SSDEEP
768:Ctvo+rzZk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJxSjWRJFlmQQc82J9acM9acyL:qZk3hbdlylKsgqopeJBWhZFGkE+cL2Nc
Behavioral task
behavioral1
Sample
e1fd15634a2886d0ac9574f1c462c895e374a5f8b8a88321a6242abed400f111.xls
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
e1fd15634a2886d0ac9574f1c462c895e374a5f8b8a88321a6242abed400f111.xls
Resource
win10v2004-20240704-en
Malware Config
Extracted
https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1
Targets
-
-
Target
e1fd15634a2886d0ac9574f1c462c895e374a5f8b8a88321a6242abed400f111
-
Size
44KB
-
MD5
c75e74d9a3c2057a5f53f4eed1fd7d52
-
SHA1
06279205c38c809a596bc25c3ebade01a1aaf55f
-
SHA256
e1fd15634a2886d0ac9574f1c462c895e374a5f8b8a88321a6242abed400f111
-
SHA512
a8b8ea46df6bf43bda2d23b4943b8732cc69f6404c839649570c42004a919fe668a19760bb4ea363b7e023f291a1c358f4041b0ca1c3868632444e563166382b
-
SSDEEP
768:Ctvo+rzZk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJxSjWRJFlmQQc82J9acM9acyL:qZk3hbdlylKsgqopeJBWhZFGkE+cL2Nc
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-