General

  • Target

    6481edbc725104b15a4ae9e80f11c4a0060a74b5b1bf44d06e20975cd57e580c

  • Size

    34KB

  • Sample

    240808-1ye4js1aqn

  • MD5

    4af847012595949ef564643457cd28db

  • SHA1

    ce3c3db2e749bf63d513e9e640cc5da5c4958a11

  • SHA256

    6481edbc725104b15a4ae9e80f11c4a0060a74b5b1bf44d06e20975cd57e580c

  • SHA512

    e96f69098896c0e5278c50b227af0b1801d68da606fa18eb7877a1a9be888a0c93b1e3821820a87a0bd0c1e714a063ceb02f000b55fb5c745fac2dba07aa6bdd

  • SSDEEP

    384:i8LDMT+hA6ymev72NsdHL9eAjrT4wsXf7OrNC/WlknBtG:rDM6O6dev72NsdHL/v4wif76NAW

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper

    https://tmpfiles.org/dl/10809951/exploit.jpg

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Office macro that triggers on suspicious action

      Office document macro which triggers in special circumstances - often malicious.

    • Deletes itself
