General

  • Target

    303359be5a96f2404af7e635640b257d.exe

  • Size

    138KB

  • Sample

    220921-gx614ababn

  • MD5

    303359be5a96f2404af7e635640b257d

  • SHA1

    eed5a46a5605103022aee765c65b0edae9d33ebf

  • SHA256

    0670da9632a6639007d68c910a1bfdcca8ab9157324a65ce45bda3136f365a3c

  • SHA512

    526f035c53e3d5c6289f08dae106e8c955e83d1503a4bfd906e3f6997ee45f10cc942b55850e214036fbd560a568a3b4580eed4ad7d80977d2daa0e4681a00fc

  • SSDEEP

    3072:rw7s+ebZ7usUCAco7ILE0+50u+kKVzdCf/z8:rn+ebTUCAco7IZLYCZI/

Score
8/10

Malware Config

Targets

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks