General

  • Target: 12ec0d5101214c7e6254fcf0b441c4d8ab1870372c96901d534c6bf9724c5aee
  • Size: 619KB
  • Sample: 220919-elwpwabcgq
  • MD5: 464dc36b66a7a838464b8b971bc61a6b
  • SHA1: 063f715b9a864d6a14d358b1a7f52c85ee22caf1
  • SHA256: 12ec0d5101214c7e6254fcf0b441c4d8ab1870372c96901d534c6bf9724c5aee
  • SHA512: f15abc22ee0ca2f1e7c5abf61742db49bb2cc77139d55cb9e18e7ac1123176c31e7396d3764fbe8fde0517e988a76cbb6d5d28f66d6805b7fc67a077f4af667b
  • SSDEEP: 12288:x6Wq4aaE6KwyF5L0Y2D1PqLnFdLMOvGeD86h73ToEhbRcl:HthEVaPqLoiHH3TPhbql

Score
10/10

Malware Config

Targets

    • Target: 12ec0d5101214c7e6254fcf0b441c4d8ab1870372c96901d534c6bf9724c5aee (619KB, score 10/10; MD5, SHA1, SHA512 and SSDEEP as listed under General)

    • Modifies firewall policy service

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified build of it (renamed sections or patched header).

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Loads dropped DLL

    • Adds Run key to start application

    • Modifies WinLogon

    • AutoIT Executable

      An AutoIt script compiled into a PE executable.

    • Suspicious use of SetThreadContext
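
Two of the static signatures above (UPX packed file, AutoIT Executable) and the hash block under General can be reproduced without a sandbox. The script below is an added example written for this page, not tria.ge's own signature code: it parses the PE section table, looks for the stock UPX section names and "UPX!" packer header, searches for the "AU3!EA06" magic that precedes the embedded script in compiled AutoIt v3 binaries (older builds used "AU3!EA05"), and checks a local file's SHA256 against the one in the report. The two PE stubs it runs on are constructed for the example, not the real sample, so they will not match the report hashes.

```python
import hashlib
import struct

# SHA256 from the report's General section, used to confirm a local file is this sample.
REPORT_SHA256 = "12ec0d5101214c7e6254fcf0b441c4d8ab1870372c96901d534c6bf9724c5aee"

AUTOIT_MARKER = b"AU3!EA06"   # magic before the embedded script in compiled AutoIt v3 binaries
UPX_MAGIC = b"UPX!"           # packer header that stock UPX writes after the PE headers


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of the whole file, the same digests the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def pe_section_names(data: bytes) -> list:
    """Read section names from the PE section table; raises ValueError if not a PE."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                                     # IMAGE_FILE_HEADER
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size                            # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        off = table + 40 * i
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def triage(data: bytes) -> dict:
    """Static checks mirroring the sandbox's UPX and AutoIt signatures, plus hashes."""
    names = pe_section_names(data)
    return {
        "size": len(data),
        "hashes": file_hashes(data),
        "matches_report": hashlib.sha256(data).hexdigest() == REPORT_SHA256,
        "sections": names,
        # Section names and the UPX! header are heuristics: a modified UPX build can
        # rename sections and patch the header, which is why the sandbox signature
        # also covers "modified UPX". A hit is strong evidence; a miss is not a clean bill.
        "upx_packed": any(n.upper().startswith("UPX") for n in names) or UPX_MAGIC in data,
        "autoit": AUTOIT_MARKER in data,
    }


def build_stub_pe(section_names, body: bytes) -> bytes:
    """Constructed, non-runnable PE skeleton used only to exercise the checks offline."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                  # e_lfanew: right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0xE0, 0x102)
    optional = bytes(0xE0)                                  # zeroed 32-bit optional header
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, 0, 0, 0, 0, 0, 0, 0, 0, 0)
                     for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + optional + table + body


# Constructed stubs (not the real sample): one mimicking the report's UPX + AutoIt traits, one clean.
PACKED_STUB = build_stub_pe([b"UPX0", b"UPX1", b".rsrc"],
                            UPX_MAGIC + bytes(16) + AUTOIT_MARKER + b"<compiled script would follow>")
CLEAN_STUB = build_stub_pe([b".text", b".data"], b"plain compiled code")

if __name__ == "__main__":
    for label, blob in (("packed", PACKED_STUB), ("clean", CLEAN_STUB)):
        print(label, triage(blob))
```

To use it on the actual file, read it in binary mode and pass the bytes to triage(); matches_report is True only for the 619KB file whose SHA256 is given under General, which is the check to run before trusting any conclusions drawn from this page.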

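
The two persistence signatures above (Adds Run key to start application, Modifies WinLogon) are the ones a detection engineer would want to catch on real hosts rather than only in the sandbox. The following is an added example, not part of the tria.ge report: it runs simple rules over Sysmon RegistryEvent records (Event ID 13, value set) flattened to key=value lines, flags writes to Run/RunOnce keys with a higher severity when the launched path sits in a user-writable directory, and flags a Winlogon Shell or Userinit value that deviates from the stock default. The log lines are constructed for the example (the hypothetical paths, image names and SID are invented), and the expected Winlogon defaults assume Windows installed on C:.

```python
import re
from typing import Dict, List

# Constructed Sysmon RegistryEvent records flattened to "key=value" lines; not real
# telemetry from the sandbox run. Sysmon reports per-user hives under HKU\<SID>.
SAMPLE_EVENTS = [
    r"EventID=13 Image=C:\Users\victim\AppData\Local\Temp\build.exe "
    r"TargetObject=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinUpdate "
    r"Details=C:\Users\victim\AppData\Roaming\svc.exe",
    r"EventID=13 Image=C:\Users\victim\AppData\Local\Temp\build.exe "
    r"TargetObject=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit "
    r"Details=C:\Windows\system32\userinit.exe,C:\Users\victim\AppData\Roaming\svc.exe",
    r"EventID=13 Image=C:\Windows\system32\svchost.exe "
    r"TargetObject=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit "
    r"Details=C:\Windows\system32\userinit.exe,",
    r"EventID=13 Image=C:\Program Files\Vendor\setup.exe "
    r"TargetObject=HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\VendorTray "
    r'Details="C:\Program Files\Vendor\tray.exe"',
    r"EventID=12 Image=C:\Windows\regedit.exe TargetObject=HKU\S-1-5-21-1000\Software\Test",
]

FIELD_RE = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?(?:Services)?\\", re.I)
WINLOGON_RE = re.compile(r"\\Winlogon\\(Shell|Userinit)$", re.I)
USER_WRITABLE_RE = re.compile(r"\\(?:AppData|Temp|ProgramData|Users\\Public)\\", re.I)

# Stock values on a default install (assumption: Windows on C:); anything else is a modification.
EXPECTED_WINLOGON = {
    "shell": "explorer.exe",
    "userinit": r"c:\windows\system32\userinit.exe",
}


def parse_event(line: str) -> Dict[str, str]:
    """Split a flattened record into fields; values may contain spaces but not ' name='."""
    return {k: v.strip().strip('"') for k, v in FIELD_RE.findall(line)}


def analyse(event: Dict[str, str]) -> List[dict]:
    """Apply the Run-key and Winlogon rules to one value-set event."""
    findings: List[dict] = []
    if event.get("EventID") != "13":
        return findings
    target = event.get("TargetObject", "")
    value = event.get("Details", "")
    image = event.get("Image", "")
    if RUN_KEY_RE.search(target):
        findings.append({
            "rule": "run_key_persistence",
            # A Run entry pointing into AppData/Temp/ProgramData is the dropped-EXE pattern
            # seen in the report; one pointing into Program Files is usually installer noise.
            "severity": "high" if USER_WRITABLE_RE.search(value) else "low",
            "key": target, "value": value, "image": image,
        })
    m = WINLOGON_RE.search(target)
    if m:
        name = m.group(1).lower()
        # Userinit is a comma-separated list; the default has a trailing comma and nothing after it.
        if value.lower().rstrip(",") != EXPECTED_WINLOGON[name]:
            findings.append({"rule": "winlogon_modified", "severity": "high",
                             "key": target, "value": value, "image": image})
    return findings


def scan(lines) -> List[dict]:
    """Run every rule over every record and return the findings in input order."""
    return [f for line in lines for f in analyse(parse_event(line))]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding["severity"], finding["rule"], finding["key"], "<-", finding["image"])
```

On the constructed input this yields three findings: the Run key written by the dropper (high, target under AppData), the Userinit value with an extra executable appended (high), and the vendor tray entry (low); the benign Userinit rewrite and the key-create event produce nothing. Winlogon values are appended rather than replaced by most malware, so comparing the whole normalised value against the default, instead of looking for known-bad strings, is what catches the second event.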
MITRE ATT&CK Enterprise v6

Tasks