Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
PO 7500093232.exe
-
Size
482KB
-
Sample
220801-zaq1gagfh2
-
MD5
832efb6bf9f508ebb2c41257fadcc300
-
SHA1
1e8667e1561c3411f42f98c494dcc99be36d6d6a
-
SHA256
f9bc0d5860d6135dab48b897e55465d88ebd0ca9b73ebdbaf83957d6e3bee26f
-
SHA512
f866c97b78b006891b34b5afa8f0d3e3a8bf0e7033ab8970e142427e2611f07127fb3661bec26d43e0f68aa9e19aa8932adc2fb296cf1cdfdd85dd2b72eb30ea
Static task
static1
Behavioral task
behavioral1
Sample
PO 7500093232.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
PO 7500093232.exe
Resource
win10v2004-20220721-en
Malware Config
Targets
-
-
Target
PO 7500093232.exe
-
Size
482KB
-
MD5
832efb6bf9f508ebb2c41257fadcc300
-
SHA1
1e8667e1561c3411f42f98c494dcc99be36d6d6a
-
SHA256
f9bc0d5860d6135dab48b897e55465d88ebd0ca9b73ebdbaf83957d6e3bee26f
-
SHA512
f866c97b78b006891b34b5afa8f0d3e3a8bf0e7033ab8970e142427e2611f07127fb3661bec26d43e0f68aa9e19aa8932adc2fb296cf1cdfdd85dd2b72eb30ea
Score10/10-
StormKitty payload
-
Downloads MZ/PE file
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-