General

  • Target

    attendees.zip

  • Size

    488KB

  • Sample

    250321-w4wk9syrw4

  • MD5

    f77030baf04b5ac90e38d2282cbb9747

  • SHA1

    f21b61050e4adf6b02da0678b5992e1616fceeb1

  • SHA256

    4e988f47cc21b69536d5f7d6b824a0e9890a2d65eeafc139d3f980555bdc5e4f

  • SHA512

    c7e155530936cd84e8d06cdf10b7d5ab8ab5c3c80b253c40c674aa853d695f7e1212b3a74bee7f80a6de27f5ec958cbdf2a8f61a64245cf831c2e3cb87b9f913

  • SSDEEP

    12288:GoQAAKo/qkDvvJznpqL3te0paEDFWVVLyh5FD5RKlrCVCUVl:QzKo/Vr4rt1DWnyTFD5RKVCVCUz

Targets

    • Target

      attendees.xlsm

    • Size

      535KB

    • MD5

      b556307e1e6462a9aea5dc1f76667d10

    • SHA1

      e3525ffd85d51a0a502012492ed1ef54d22eec88

    • SHA256

      804e3a6cde4114e76fa911b699891535c8ed8b637ee9eaad373619e3ce36ee19

    • SHA512

      51666a80ae3ae2ba69954f47e36521ce08cece8dd258498a7cf88e6c2586fa9a66776c78d68538bca5568965ebca87e9d04ce79db2c2388716ab73182af7164b

    • SSDEEP

      12288:E9ijex0VbLbGeH+59SjrPImbT4XXO8RGNQpRtL8PZY4krmStNpc:E9fKVbLte52rPImbCjGWpj8BYVmSt/c

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Trickbot

      Developed in 2016, TrickBot is one of the more recent banking Trojans.

    • Trickbot family

    • Templ.dll packer

      Detects Templ.dll packer which usually loads Trickbot.

    • Loads dropped DLL
