General

  • Target

    3309ab5e059263d016805bdc874d005e7b31e7853f5c3cd6e76adea7fff778d3

  • Size

    63KB

  • Sample

    241111-zxmasswhjd

  • MD5

    5ddbd78b8000244a6a69b24b23b0f425

  • SHA1

    ed5d56a224cbcf8ec54505381254bb80a32b7789

  • SHA256

    3309ab5e059263d016805bdc874d005e7b31e7853f5c3cd6e76adea7fff778d3

  • SHA512

    1080f063e57a2a9cabeedd25f767db9750cd29896788783439b09d7575472f9a3b3fbe59763284f72ad1d166f379867110c4a185c3aeedd7c474d0ca8ad24b40

  • SSDEEP

    1536:dpKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg9HuS4VcTO9/r7UYdEJe5oN/:bKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgH

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    URLs

  • xlm40.dropper URLs

    https://www.careofu.com/PHPExcel/sQ78BedribNJZbGYj/
    https://cedeco.es/js/n74fS/
    http://balticcontrolbd.com/cgi-bin/Gu0xno0kIssGJF8/
    https://fikti.bem.gunadarma.ac.id/SDM/qNeMUe2RvxdvuRlf/
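The extracted config is the actionable part of this report: four URLs from which the Excel 4.0 macro would fetch its next stage. The script below is added here as an example and is not part of the tria.ge report; it turns the extracted list into defanged indicators and a blockable host list. The four URLs and the xlm40.dropper tag are copied from this report; the one-pair-per-line layout, the function names and the defanging style are this example's own choices.

```python
"""Turn a tria.ge-style extracted config (source tag + URL pairs) into triage-ready IOCs.

Added example, not tria.ge code. The URLs and the "xlm40.dropper" tag below are
copied from this report; the layout (tag and URL on one line) is this example's own.
"""
from urllib.parse import urlsplit

# Config as extracted in the report, re-laid out one pair per line.
CONFIG_TEXT = """\
xlm40.dropper https://www.careofu.com/PHPExcel/sQ78BedribNJZbGYj/
xlm40.dropper https://cedeco.es/js/n74fS/
xlm40.dropper http://balticcontrolbd.com/cgi-bin/Gu0xno0kIssGJF8/
xlm40.dropper https://fikti.bem.gunadarma.ac.id/SDM/qNeMUe2RvxdvuRlf/
"""


def parse_config(text):
    """Return [(tag, url), ...] from the config text.

    Walks whitespace-separated tokens, so it accepts both "tag url" on one line
    and the report's layout where the tag and the URL sit on separate lines.
    A URL with no preceding tag is skipped rather than guessed."""
    pairs = []
    tag = None
    for token in text.split():
        if "://" in token:
            if tag is not None:
                pairs.append((tag, token))
                tag = None
        else:
            tag = token
    return pairs


def defang(url):
    """Defang a URL so it is not clickable or auto-linked in tickets and chat."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


def to_iocs(pairs):
    """Build IOC records: defanged URL, host, scheme and path.

    Hosts are what gets blocked at DNS or the proxy; the full path is what you
    search for in proxy logs, since droppers often rotate the path per campaign."""
    records = []
    for tag, url in pairs:
        parts = urlsplit(url)
        records.append({
            "tag": tag,
            "url": defang(url),
            "host": parts.hostname,
            "scheme": parts.scheme,
            "path": parts.path,
        })
    return records


def unique_hosts(pairs):
    """Sorted, de-duplicated hostnames for a block list."""
    return sorted({urlsplit(url).hostname for _, url in pairs})


if __name__ == "__main__":
    pairs = parse_config(CONFIG_TEXT)
    for rec in to_iocs(pairs):
        print(f"{rec['scheme']:5} {rec['host']:28} {rec['url']}")
    print("block at DNS/proxy:", ", ".join(unique_hosts(pairs)))
```

Note that one of the four download locations is plain http, so a proxy policy that only inspects TLS SNI would miss it; block on hostname at DNS as well.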

Targets

    • Target

      3309ab5e059263d016805bdc874d005e7b31e7853f5c3cd6e76adea7fff778d3


    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro. For this sample the extracted config identifies an Excel 4.0 (XLM) macro dropper, so the parent is the Office process that evaluated the macro sheet and the child is whatever it launched to fetch the next stage from the listed URLs.
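The check behind that signature is simple to reproduce over endpoint telemetry: an Office binary as parent, a child that is not on a short allowlist. The script below is an added example, not tria.ge code; the events are constructed to resemble Sysmon Event ID 1 (process creation) fields, and the paths, command lines and allowlists are this example's own assumptions rather than anything taken from the report's task output.

```python
"""Flag an Office process spawning an unexpected child, the behaviour behind the
"Process spawned unexpected child process" signature.

Added example, not tria.ge code. SAMPLE_EVENTS are constructed; only the field
names (ParentImage, Image, CommandLine) follow Sysmon Event ID 1.
"""

OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Children Office launches in normal use (print spooler proxy, crash reporting).
# Assumption for this example: baseline and extend per environment before deploying.
EXPECTED_CHILDREN = {"splwow64.exe", "werfault.exe", "dw20.exe"}

# Living-off-the-land binaries a macro commonly uses to fetch or run a payload.
HIGH_RISK_CHILDREN = {
    "cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe",
    "regsvr32.exe", "rundll32.exe", "certutil.exe", "bitsadmin.exe",
}


def basename(path):
    """Case-folded file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def classify(event):
    """Return an alert dict for an Office parent with an unexpected child, else None."""
    parent = basename(event["ParentImage"])
    child = basename(event["Image"])
    if parent not in OFFICE_PARENTS or child in EXPECTED_CHILDREN:
        return None
    level = "high" if child in HIGH_RISK_CHILDREN else "medium"
    return {"level": level, "parent": parent, "child": child,
            "cmd": event["CommandLine"]}


def scan(events):
    """Run classify over a list of events and keep only the alerts."""
    return [alert for alert in map(classify, events) if alert is not None]


# Constructed sample events (not from the report).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": "splwow64.exe 12288"},                          # benign print proxy
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r"regsvr32.exe /s C:\Users\Public\payload.dll"},  # LOLBin child
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe"},                                      # not an Office parent
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Users\Public\update.exe",
     "CommandLine": r"C:\Users\Public\update.exe"},                  # dropped binary
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"[{alert['level']}] {alert['parent']} -> {alert['child']}: {alert['cmd']}")
```

The allowlist is deliberately short: every additional entry is a gap an attacker can step through, so tune it from observed data rather than from a list of everything Office can in principle launch.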
