5daccf2d036e313eacb7b0660c8f6c4b4eb48a7bf841f5f85a68eaf08b678553 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

5daccf2d03...53.xls

windows7-x64

5daccf2d03...53.xls

windows10-2004-x64

1

Sharing

General

Target

5daccf2d036e313eacb7b0660c8f6c4b4eb48a7bf841f5f85a68eaf08b678553.xls
Size

445KB
Sample

240817-bn7clsyenh
MD5

e07cfed85c1ddf5a98b21de6cb894a18
SHA1

092241ff646b40b753d18973ec61638a0f70fa98
SHA256

5daccf2d036e313eacb7b0660c8f6c4b4eb48a7bf841f5f85a68eaf08b678553
SHA512

0016dc6031bc7f82b7d85ccd6d93e7618eb56d4ff5fb08847c73996a61c7a5670786bb689fec14e3ab704070e472ab8f16ed25bd5f428b0ac104e827e712cf68
SSDEEP

12288:aWkD+1iATCUvwG3Dl6M+ntycfS8ZxGxJygH42DYqI9:dkD+1BCSDinTrZxK4mYqG

Score

10^/10

discovery execution

Static task

static1

Behavioral task

behavioral1

Sample

5daccf2d036e313eacb7b0660c8f6c4b4eb48a7bf841f5f85a68eaf08b678553.xls

Resource

win7-20240729-en

discovery execution

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

5daccf2d036e313eacb7b0660c8f6c4b4eb48a7bf841f5f85a68eaf08b678553.xls

Resource

win10v2004-20240802-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

exe.dropper

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

Targets

- Target
  
  5daccf2d036e313eacb7b0660c8f6c4b4eb48a7bf841f5f85a68eaf08b678553.xls
- Size
  
  445KB
- MD5
  
  e07cfed85c1ddf5a98b21de6cb894a18
- SHA1
  
  092241ff646b40b753d18973ec61638a0f70fa98
- SHA256
  
  5daccf2d036e313eacb7b0660c8f6c4b4eb48a7bf841f5f85a68eaf08b678553
- SHA512
  
  0016dc6031bc7f82b7d85ccd6d93e7618eb56d4ff5fb08847c73996a61c7a5670786bb689fec14e3ab704070e472ab8f16ed25bd5f428b0ac104e827e712cf68
- SSDEEP
  
  12288:aWkD+1iATCUvwG3Dl6M+ntycfS8ZxGxJygH42DYqI9:dkD+1BCSDinTrZxK4mYqG
Score

10^/10

discovery execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Abuses OpenXML format to download file from external location
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution

behavioral2

© 2018-2025

Terms | Privacy