General

  • Target

    f3ca53807f32ccbc241ce2b92d7ab0727cfdf45e3fd88b9e3ac9a063f0aff086.xlsx

  • Size

    736KB

  • Sample

    241013-cdz18axfnn

  • MD5

    7c34b23b4b7cb66c2393128c3f55a0e1

  • SHA1

    2cf918f985476c7d3988b7d2ac530d32c59de12d

  • SHA256

    f3ca53807f32ccbc241ce2b92d7ab0727cfdf45e3fd88b9e3ac9a063f0aff086

  • SHA512

    cd2d8d1f2e3accb677bed9be2a335253240458babedb514d88f31e980ed2740ebe586463fecf06ce5e3670ac430b1c54faf48732d29a98abeca28dae9daf537b

  • SSDEEP

    12288:4gDGK/3uJ3WSZvFsxoHXYo1NmcCYlnjeRKZLImngMVTGckDI:jqKg35DHoojmcCEnjeyLImnLVTv

Score
10/10

Malware Config

Extracted

Language: ps1
Deobfuscated

URLs

  • ps1.dropper

    https://raw.githubusercontent.com/CryptersAndToolsOficial/ZIP/refs/heads/main/DetahNote_V.jpg%20

  • exe.dropper

    https://raw.githubusercontent.com/CryptersAndToolsOficial/ZIP/refs/heads/main/DetahNote_V.jpg%20

Targets

    • Target

      f3ca53807f32ccbc241ce2b92d7ab0727cfdf45e3fd88b9e3ac9a063f0aff086.xlsx

    Score
    10/10
    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
