General

  • Target: 678a5620c1a6144e6572baf64065c3ef.docx
  • Size: 89KB
  • Sample: 240809-l4q1nstaqg
  • MD5: 678a5620c1a6144e6572baf64065c3ef
  • SHA1: 8485b42751328b5aa0bbc88b01600e8f17cebbcd
  • SHA256: 0efbc73c4e417d1153c08bdf7e101ee744a3f34c8241b073c2e0dfe34cd6139a
  • SHA512: 53fb3a8029e9ad7f8e4f4b2861b856563fbef62c7339a73c868a8c986cb27ab75ee528b1c4fa4c9007c031676a07946ee0263d56aa106de86790e7b1d2139a2f
  • SSDEEP: 1536:CH3mtb7ih7kPw17kG1Nc2FjOppKdA6KJvarn82+C4kAh6rhFRmxN/Sh+e:CHWt3ixkw17kcrOppKdsvarh4h69vmHu
  • Score: 10/10

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs:
    • ps1.dropper: http://servidorwindows.ddns.com.br/Files/vbs.jpeg
    • exe.dropper: http://servidorwindows.ddns.com.br/Files/vbs.jpeg

Targets

    • Blocklisted process makes network request
    • Command and Scripting Interpreter: PowerShell (runs PowerShell with the display window hidden)
    • Abuses OpenXML format to download file from external location
    • Drops file in System32 directory
