Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

8

167b598287...a9.exe

windows7-x64

10

167b598287...a9.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    167b598287f786d37092f7b23f5422c1474b6e3d1477194876cde0a38e901fa9

  • Size

    721KB

  • Sample

    221003-1g3hhsgfap

  • MD5

    4ea22f2e7fc10b58052fbae4c991f230

  • SHA1

    db0ea5ce251e2da19c38f5b07640043e7ceac7d8

  • SHA256

    167b598287f786d37092f7b23f5422c1474b6e3d1477194876cde0a38e901fa9

  • SHA512

    601e9ea446b29678036693f214e4901af0746750fc031ceae8b56a04713bfb7085a22f1bcd773ee02a403294335f437c009e681fd14499209b7718378b263b88

  • SSDEEP

    12288:QUp3EQ6T6jpV3KVMeHf2Jl84yfFr+3p8rkKQr6MCNVkgQpNaQ4ppFJN9IJaXS+:QKTV0TfkOYK1NkgQ3+mJaC+

Score
10/10
evasionpersistenceupx

Malware Config

Targets

    • Target

      167b598287f786d37092f7b23f5422c1474b6e3d1477194876cde0a38e901fa9

    • Size

      721KB

    • MD5

      4ea22f2e7fc10b58052fbae4c991f230

    • SHA1

      db0ea5ce251e2da19c38f5b07640043e7ceac7d8

    • SHA256

      167b598287f786d37092f7b23f5422c1474b6e3d1477194876cde0a38e901fa9

    • SHA512

      601e9ea446b29678036693f214e4901af0746750fc031ceae8b56a04713bfb7085a22f1bcd773ee02a403294335f437c009e681fd14499209b7718378b263b88

    • SSDEEP

      12288:QUp3EQ6T6jpV3KVMeHf2Jl84yfFr+3p8rkKQr6MCNVkgQpNaQ4ppFJN9IJaXS+:QKTV0TfkOYK1NkgQ3+mJaC+

    Score
    10/10
    evasionpersistenceupx

    • Modifies firewall policy service

      evasion

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks