Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
89dbb0e62b66305ca1fee67fa6832cf321ec12e636799c18e0d7e1aeddce8c35
-
Size
151KB
-
Sample
240902-zv3vrsyaqa
-
MD5
57ae9a272db8afd8070654e33aad712e
-
SHA1
7d843ebfbc5f3c39fae771282397fb32167ec1c1
-
SHA256
89dbb0e62b66305ca1fee67fa6832cf321ec12e636799c18e0d7e1aeddce8c35
-
SHA512
17446c77f0fc0058a7b947c4460c362bccccc9262a9543a9680bc6c8ff83219319656853665e33a7b295e91908b31159bc7b9351271896791f0cc2d18815c6dd
-
SSDEEP
3072:hcKoSsxzNDZLDZjlbR868O8KlVH3dehvMqAPjxO5xyZUE5V5xtezEVg8/dg1Gx0n:hcKoSsxzNDZLDZjlbR868O8KlVH3dehD
Behavioral task
behavioral1
Sample
89dbb0e62b66305ca1fee67fa6832cf321ec12e636799c18e0d7e1aeddce8c35.xls
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
89dbb0e62b66305ca1fee67fa6832cf321ec12e636799c18e0d7e1aeddce8c35.xls
Resource
win10v2004-20240802-en
Malware Config
Extracted
http://aishyana.com/wp-admin/6pY001tdOxYb10/
https://nccikeja.com/back/lOo46UEiVanm/
https://mail.themintlist.com/wp-includes/S5xbjWOoM75ysw9xaM/
https://karaah.com/kvxtqec/L8mqXiKjN95uoFOQqDS/
https://mail.terinhumphrey.com/tasty-crab-promo/qBdohcsqomjFk/
https://mail.gymcoachjose.com/ew9iwl/av20pfJZ44/
https://sahayoghospitals.com/older/NFPLtNt4M3D1yYt/
http://3.130.37.158/wp-admin/YDjVQgZv/
https://stntools.com/js/uhTyC/
https://www.dirtduel.com/db/v4gdL66Y/
https://advancedguerrillamarketing.com/assets/oUD/
https://orelco.net/wp-admin/5NiO/
http://gainc.info/product3_files/PwAGXtbf6tn5r/
https://astronomy24x7.com/wp-content/05ZGtxtrfIxNVb0M/
Targets
-
-
Target
89dbb0e62b66305ca1fee67fa6832cf321ec12e636799c18e0d7e1aeddce8c35
-
Size
151KB
-
MD5
57ae9a272db8afd8070654e33aad712e
-
SHA1
7d843ebfbc5f3c39fae771282397fb32167ec1c1
-
SHA256
89dbb0e62b66305ca1fee67fa6832cf321ec12e636799c18e0d7e1aeddce8c35
-
SHA512
17446c77f0fc0058a7b947c4460c362bccccc9262a9543a9680bc6c8ff83219319656853665e33a7b295e91908b31159bc7b9351271896791f0cc2d18815c6dd
-
SSDEEP
3072:hcKoSsxzNDZLDZjlbR868O8KlVH3dehvMqAPjxO5xyZUE5V5xtezEVg8/dg1Gx0n:hcKoSsxzNDZLDZjlbR868O8KlVH3dehD
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-