General

  • Target

    942ccb0c34ccc46b3f5b9566614932f7cb33bc93f09b0bd67a429a6b91c6125e

  • Size

    552KB

  • Sample

    220919-dn1aeadgc9

  • MD5

    c1dca394e84edbea87941342072c82cc

  • SHA1

    32b4f5aff7fbe60b21efe6a71263cb702d0030e1

  • SHA256

    942ccb0c34ccc46b3f5b9566614932f7cb33bc93f09b0bd67a429a6b91c6125e

  • SHA512

    2f525867ae31599e9f9cb7c155958220859419a3fe2d4fbd5024648c7c5aae0a2e2dccb4afc3784a2b56090b693d9fbf9a6fc304b1700158a47da33cc4b2cfc5

  • SSDEEP

    12288:60vQwJcJmLoMIOABV2AWzj6b7MP+Dd2dvI4MW7K7yRLVVZLVMq:663Jwr3VgO7MP+h2/N7KwnIq

Score
8/10

Malware Config

Targets

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks