General

  • Target

    5b0fc9842a36bac898fede9c6c5990fd5f0ce2f635c11184af81fb508e1c8cdb

  • Size

    251KB

  • Sample

    221002-at7pwsfaer

  • MD5

    4f7ab5d4c49c066debaefb768f1db000

  • SHA1

    d019b88f0a547914d4bc2e62451184807fb7d887

  • SHA256

    5b0fc9842a36bac898fede9c6c5990fd5f0ce2f635c11184af81fb508e1c8cdb

  • SHA512

    0fcf110ccff218ff3d5cf712fda489e73a9fd103652350cda4c974f15c423fc20b21110b81ff94de45b6ac5a5837eea50c06ca54e44c662500c1c5a8e6f38c96

  • SSDEEP

    3072:K4L9uT6U+45GZD1e8jdBv9+5An1HCfdHLU9d6c6V1YBLSkPPPmynIGoqqWOXK:LL9uT6B4lw+5An1HCfdguqHnIi

Score
10/10

Targets

    • Target

      5b0fc9842a36bac898fede9c6c5990fd5f0ce2f635c11184af81fb508e1c8cdb

    Score
    10/10
    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
