Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
832dc1da08ddc7f542938b77b768cd40c8b7eaf3a430c6058d8af80400515284
-
Size
44KB
-
Sample
240709-15sm8a1aqg
-
MD5
1e9ed7e79c0f48996fedb74189895ae6
-
SHA1
e0f104e40847774f3ca32fff30bdfc4548691b02
-
SHA256
832dc1da08ddc7f542938b77b768cd40c8b7eaf3a430c6058d8af80400515284
-
SHA512
2c648e9ef3e931ea9a0e182b75cc0d2db4d2ee478082ade6654f0d1e8b3cfc516c515031e260283c830b08f39ed1f946d1c7f468be18be99441cfbff8e3fc5e4
-
SSDEEP
768:Ytvo+lzZk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJxSp5kuFlmQQpIvH9acc9acyL:IPk3hbdlylKsgqopeJBWhZFGkE+cL2N5
Behavioral task
behavioral1
Sample
832dc1da08ddc7f542938b77b768cd40c8b7eaf3a430c6058d8af80400515284.xls
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
832dc1da08ddc7f542938b77b768cd40c8b7eaf3a430c6058d8af80400515284.xls
Resource
win10v2004-20240709-en
Malware Config
Extracted
https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1
Targets
-
-
Target
832dc1da08ddc7f542938b77b768cd40c8b7eaf3a430c6058d8af80400515284
-
Size
44KB
-
MD5
1e9ed7e79c0f48996fedb74189895ae6
-
SHA1
e0f104e40847774f3ca32fff30bdfc4548691b02
-
SHA256
832dc1da08ddc7f542938b77b768cd40c8b7eaf3a430c6058d8af80400515284
-
SHA512
2c648e9ef3e931ea9a0e182b75cc0d2db4d2ee478082ade6654f0d1e8b3cfc516c515031e260283c830b08f39ed1f946d1c7f468be18be99441cfbff8e3fc5e4
-
SSDEEP
768:Ytvo+lzZk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJxSp5kuFlmQQpIvH9acc9acyL:IPk3hbdlylKsgqopeJBWhZFGkE+cL2N5
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-