Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

DHL AWB #7...df.exe

windows7_x64

8

DHL AWB #7...df.exe

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DHL AWB #7849402748,pdf.exe

  • Size

    3.6MB

  • Sample

    200707-51kb3r4pdn

  • MD5

    9e99a4fff1fd05c732ea969f7487021c

  • SHA1

    f77cd13be30627cf07d5117a55881d93149e8d36

  • SHA256

    649dcd10ca137b9ef60a6725714d8b48781b7db63b3802281e5d739dff31d1df

  • SHA512

    f2cb9f2b80598ac41f0b23a03d895b3eab0e49e9575d7d31c79719cb21905a1107537aa64550b6693dafa4f906ea1bc6ab28270377ceed6c8fb8d06dc1265639

Score
8/10
persistence

Malware Config

Targets

    • Target

      DHL AWB #7849402748,pdf.exe

    • Size

      3.6MB

    • MD5

      9e99a4fff1fd05c732ea969f7487021c

    • SHA1

      f77cd13be30627cf07d5117a55881d93149e8d36

    • SHA256

      649dcd10ca137b9ef60a6725714d8b48781b7db63b3802281e5d739dff31d1df

    • SHA512

      f2cb9f2b80598ac41f0b23a03d895b3eab0e49e9575d7d31c79719cb21905a1107537aa64550b6693dafa4f906ea1bc6ab28270377ceed6c8fb8d06dc1265639

    Score
    8/10
    persistence

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run entry to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks