General

  • Target

    000e7212034e2cc42b2c59dceccb614b0916dd0e524cc653ac9591228c7a3d67

  • Size

    35KB

  • Sample

    240708-z165da1fqb

  • MD5

    7f3f985ec7c2739f6670083deda3c625

  • SHA1

    ea48dc066138d62012b862874b50d37f64281d3c

  • SHA256

    000e7212034e2cc42b2c59dceccb614b0916dd0e524cc653ac9591228c7a3d67

  • SHA512

    ad033808ce820074814ebe8f8ab4b7880fe2f027e7668bebaa4c2729f79a8374653f37db4a8735660eab5238acb1a6595a919e1abcb137add63fbf951452eb7b

  • SSDEEP

    768:ctvo+uzZk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJYrm2Ucd93:Myk3hbdlylKsgqopeJBWhZFGkE+cL2N1

Malware Config

Extracted

  • Language

    ps1

  • Source

    URLs

  • ps1.dropper

https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1

Targets

    • Target

      000e7212034e2cc42b2c59dceccb614b0916dd0e524cc653ac9591228c7a3d67

    • Size

      35KB

    • MD5

      7f3f985ec7c2739f6670083deda3c625

    • SHA1

      ea48dc066138d62012b862874b50d37f64281d3c

    • SHA256

      000e7212034e2cc42b2c59dceccb614b0916dd0e524cc653ac9591228c7a3d67

    • SHA512

      ad033808ce820074814ebe8f8ab4b7880fe2f027e7668bebaa4c2729f79a8374653f37db4a8735660eab5238acb1a6595a919e1abcb137add63fbf951452eb7b

    • SSDEEP

      768:ctvo+uzZk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJYrm2Ucd93:Myk3hbdlylKsgqopeJBWhZFGkE+cL2N1

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory
