Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Key Data 2...2).xll

windows7-x64

7

Key Data 2...2).xll

windows10-2004-x64

10

Key Data 2...1).xll

windows7-x64

10

Key Data 2...1).xll

windows10-2004-x64

1

Quarterly ...df.lnk

windows7-x64

7

Quarterly ...df.lnk

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Key Data 2023 Quarterly Cambodia Poll Appendix.zip

  • Size

    1.5MB

  • Sample

    240919-r5b6sstfkb

  • MD5

    6a0aa1baee0f621768130d8be822d6f0

  • SHA1

    7cb2c5009dc85fa80697ba4678a8545431ba82ad

  • SHA256

    913830666dd46e96e5ecbecc71e686e3c78d257ec7f5a0d0a451663251715800

  • SHA512

    aecbb8be36fcb2f0469ae96397f97811056d257590e86539a83906290375dadc5862e2d0ab221f0d8ef5666d739fa5ac7ab47713f5de6131bb8d5a846bd81ed9

  • SSDEEP

    24576:co3+iL2Wg6DRBWGvke801EWqlbQGLFOEojyMTDp2fcRch9q7jcXLADi:cQL2WgMBdke8pWqlbQG0EobTfcagADi

Score
10/10
discovery

Malware Config

Extracted

Language
xlm4.0
Source
1
=CALL("C:\Users\Admin\AppData\Local\Temp\Key Data 2023 Quarterly Cambodia Poll Appendix (2).xll", "xlAutoOpen", "")
2
=CALL("C:\Users\Admin\AppData\Local\Temp\Key Data 2023 Quarterly Cambodia Poll Appendix (2).xll", "xlAutoClose", "")

Extracted

Language
xlm4.0
Source
1
=CALL("C:\Users\Admin\AppData\Local\Temp\Key Data 2023 Quarterly Cambodia Poll Appendix(1).xll", "xlAutoOpen", "", )
2
=CALL("C:\Users\Admin\AppData\Local\Temp\Key Data 2023 Quarterly Cambodia Poll Appendix(1).xll", "xlAutoClose", "", )

Targets

    • Target

      Key Data 2023 Quarterly Cambodia Poll Appendix (2).xll

    • Size

      576KB

    • MD5

      a573c3a5f504fd22c302fbba6af0ab09

    • SHA1

      49c709788b9d18fa8e55b1ec7bbf114998a30d8c

    • SHA256

      7e9f91f0cfe3769df30608a88091ee19bc4cf52e8136157e4e0a5b6530d510ec

    • SHA512

      35d34b5add59cb38760feeb23b0bc26fefe76e0d59ac4d74c3231d24db0de49812dcf9b38acf97cd6146907064217c362a99fdbe22d49f6194cce500236c8a10

    • SSDEEP

      12288:Rn/zjvGHAykHJRLW/4+8bzbBSreM3/qZGDxl:Fz7GHAzH7jX1wFx

    Score
    10/10
    discovery

    • Drops startup file

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      Key Data 2023 Quarterly Cambodia Poll Appendix(1).xll

    • Size

      660KB

    • MD5

      ea64d820b7ee387d0e811bca0104d9e4

    • SHA1

      6f48f58d80ae41f6b979402696c70db74afc3135

    • SHA256

      af74d416b65217d0b15163e7b3fd5d0702d65f88b260c269c128739e7e7a4c4d

    • SHA512

      b096717383ec11253d918efcdbe729752869b5e6502875affb1ceb98b8c7097c69103cb57993b42068c38c58781f5476453e5753b9f6e05403d41bc6b3bdf780

    • SSDEEP

      6144:yxOJXk57IMp7oyR4y6Qf3lbp83A6zbKsS5ukTP2YmqtbSGUmuqZGw+gSe81H9zq2:yx2s7IMrR4yVld8bzbBSreDqZGDxlq

    Score
    10/10
    discovery

    • Drops startup file

    • Loads dropped DLL

    behavioral3behavioral4

    • Target

      Quarterly Cambodia Poll Appendix.pdf.lnk

    • Size

      2.2MB

    • MD5

      23d55b0f6a502c7ed3a70d41272b0732

    • SHA1

      36a2c2cd63e3ca23a7934cfb3e7a957f2b5363f8

    • SHA256

      cfbd704cab3a8edd64f8bf89da7e352adf92bd187b3a7e4d0634a2dc764262b5

    • SHA512

      53984a522f5629f3bf64e62f9855254c74497388f0632e76b00fb16fba7b7fb45ffe2c0db7cd0e7016847f2a5d966e42b3081a47d6fc9a067c6bd0d9d9e752af

    • SSDEEP

      49152:zrdLymX/jNT7IBkZw3xFdyaxDadhCtbdMuC4vmYrl4GRGjEOaUJiuw:

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.