General

  • Target

    e6ce3afaaaed3a333bd27710378607dbab0e662ce54de106e63621d44b15cf8d.xls

  • Size

    331KB

  • Sample

    240822-c4at1svapg

  • MD5

    88683824dbd986b04614f87932b353e2

  • SHA1

    2337105e97292f73355a9bec6ab557801291958a

  • SHA256

    e6ce3afaaaed3a333bd27710378607dbab0e662ce54de106e63621d44b15cf8d

  • SHA512

    51085d772bdcb96630a96ab549224b3acf93a60685df0ef33bc844a917e595df99ee6554fbbb28a611b2ea96a63aaf4a666fbeed9a14a987d5645c5f654a5d97

  • SSDEEP

    6144:busFsN2M9GMzJexttr9+nkpJsJV5ehYxH/P1ljNGEMo:Ksg9GDtIkTynxf8Er

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

exe.dropper

https://ia803104.us.archive.org/27/items/vbs_20240726_20240726/vbs.jpg

Targets

    • Target

      e6ce3afaaaed3a333bd27710378607dbab0e662ce54de106e63621d44b15cf8d.xls

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

    • Abuses OpenXML format to download file from external location

    • Drops file in System32 directory
