Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
5e5791c3f9b8d158ea925e90510631dd4afc3d850d7b1c87b22f8cb30f69731e
-
Size
80KB
-
Sample
221002-11pqrsebfq
-
MD5
789b2d019ce1e089f23b34f9b93dd565
-
SHA1
3b3882a45eb17c14a40c604af3ee72587f3661e2
-
SHA256
5e5791c3f9b8d158ea925e90510631dd4afc3d850d7b1c87b22f8cb30f69731e
-
SHA512
9017ffffea9c77280b680170d94f77238f1d7b6fef5aa1ffe156f5998d879335be0a7baff85675d3d98a6936e2543b156075a88496dd51fc028ab28495883a3d
-
SSDEEP
1536:Md11RDEgq46nSfMVW13jtqIcaQ3MEc38KOngYpZQjwOf4BlEu7toePZeQ:EX5fMd8zAn7t+4BlEu7tbP4Q
Malware Config
Targets
-
-
Target
5e5791c3f9b8d158ea925e90510631dd4afc3d850d7b1c87b22f8cb30f69731e
-
Size
80KB
-
MD5
789b2d019ce1e089f23b34f9b93dd565
-
SHA1
3b3882a45eb17c14a40c604af3ee72587f3661e2
-
SHA256
5e5791c3f9b8d158ea925e90510631dd4afc3d850d7b1c87b22f8cb30f69731e
-
SHA512
9017ffffea9c77280b680170d94f77238f1d7b6fef5aa1ffe156f5998d879335be0a7baff85675d3d98a6936e2543b156075a88496dd51fc028ab28495883a3d
-
SSDEEP
1536:Md11RDEgq46nSfMVW13jtqIcaQ3MEc38KOngYpZQjwOf4BlEu7toePZeQ:EX5fMd8zAn7t+4BlEu7tbP4Q
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-