General

  • Target

    ec431ebefa36dd371f2edb37a503cdff0334977684c33e246c45637b007bc5e8

  • Size

    28KB

  • Sample

    240808-1scq8szhll

  • MD5

    8d4285d6788aa4c6835f66e49dd2f836

  • SHA1

    d5018cce41c252ffba8e9d88674daff6538b2211

  • SHA256

    ec431ebefa36dd371f2edb37a503cdff0334977684c33e246c45637b007bc5e8

  • SHA512

    71de11a96ed9e4d961febe6cb6a3dce62672eedb3d52367bd10c6110e24f56813acffb756c6c9f8318ee7fed49defdbb2ce64b320cf183648b9eb1feeebcc38d

  • SSDEEP

    384:i8LDTMTyvA6ymevF2NsdHLbeAj64wsXf7OrNbn/WlRABE:rDTMeY6devF2NsdHLd64wif76N7Wln

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs (ps1.dropper)

    https://tmpfiles.org/dl/10813794/exploit.jpg

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Office macro that triggers on suspicious action

      Office document macro which triggers in special circumstances - often malicious.

    • Deletes itself
