0efbc73c4e417d1153c08bdf7e101ee744a3f34c8241b073c2e0dfe34cd6139a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

678a5620c1...f.docx

windows7-x64

678a5620c1...f.docx

windows10-2004-x64

1

Sharing

General

Target

678a5620c1a6144e6572baf64065c3ef.docx
Size

89KB
Sample

240809-l4q1nstaqg
MD5

678a5620c1a6144e6572baf64065c3ef
SHA1

8485b42751328b5aa0bbc88b01600e8f17cebbcd
SHA256

0efbc73c4e417d1153c08bdf7e101ee744a3f34c8241b073c2e0dfe34cd6139a
SHA512

53fb3a8029e9ad7f8e4f4b2861b856563fbef62c7339a73c868a8c986cb27ab75ee528b1c4fa4c9007c031676a07946ee0263d56aa106de86790e7b1d2139a2f
SSDEEP

1536:CH3mtb7ih7kPw17kG1Nc2FjOppKdA6KJvarn82+C4kAh6rhFRmxN/Sh+e:CHWt3ixkw17kcrOppKdsvarh4h69vmHu

Score

10^/10

discovery execution

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

678a5620c1a6144e6572baf64065c3ef.docx

Resource

win7-20240708-en

discovery execution

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

678a5620c1a6144e6572baf64065c3ef.docx

Resource

win10v2004-20240802-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://servidorwindows.ddns.com.br/Files/vbs.jpeg

exe.dropper

http://servidorwindows.ddns.com.br/Files/vbs.jpeg

Targets

- Target
  
  678a5620c1a6144e6572baf64065c3ef.docx
- Size
  
  89KB
- MD5
  
  678a5620c1a6144e6572baf64065c3ef
- SHA1
  
  8485b42751328b5aa0bbc88b01600e8f17cebbcd
- SHA256
  
  0efbc73c4e417d1153c08bdf7e101ee744a3f34c8241b073c2e0dfe34cd6139a
- SHA512
  
  53fb3a8029e9ad7f8e4f4b2861b856563fbef62c7339a73c868a8c986cb27ab75ee528b1c4fa4c9007c031676a07946ee0263d56aa106de86790e7b1d2139a2f
- SSDEEP
  
  1536:CH3mtb7ih7kPw17kG1Nc2FjOppKdA6KJvarn82+C4kAh6rhFRmxN/Sh+e:CHWt3ixkw17kcrOppKdsvarh4h69vmHu
Score

10^/10

discovery execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Abuses OpenXML format to download file from external location
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

© 2018-2025

Terms | Privacy