Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

da6227fc2e...fb.exe

windows7-x64

10

da6227fc2e...fb.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    da6227fc2e4c7367f55622836fdad95b522dfd0ff89f2abb78cbfdfcbda0c8fb

  • Size

    304KB

  • Sample

    221003-dslmtadgc9

  • MD5

    4dc14fa51c8b3d2805b5111403554240

  • SHA1

    e2355b9aca627fb49a35fe878db5c0e346856770

  • SHA256

    da6227fc2e4c7367f55622836fdad95b522dfd0ff89f2abb78cbfdfcbda0c8fb

  • SHA512

    2416c3e5b4b6f05aaeeb9fd83e5907ed37758bee8a90f8f7464573c082d1c486b83f65f91189ad8b7716ef2c341788d222a8bf97624842987e988ddaa22f4047

  • SSDEEP

    6144:R/XHev4nGx/AMSDiaf2sG9+dUk8RlxHtcUt5XsYaY2YE:1X+wnaAMSDiaf2sG991tcUH8ff

Score
10/10
evasionpersistence

Malware Config

Targets

    • Target

      da6227fc2e4c7367f55622836fdad95b522dfd0ff89f2abb78cbfdfcbda0c8fb

    • Size

      304KB

    • MD5

      4dc14fa51c8b3d2805b5111403554240

    • SHA1

      e2355b9aca627fb49a35fe878db5c0e346856770

    • SHA256

      da6227fc2e4c7367f55622836fdad95b522dfd0ff89f2abb78cbfdfcbda0c8fb

    • SHA512

      2416c3e5b4b6f05aaeeb9fd83e5907ed37758bee8a90f8f7464573c082d1c486b83f65f91189ad8b7716ef2c341788d222a8bf97624842987e988ddaa22f4047

    • SSDEEP

      6144:R/XHev4nGx/AMSDiaf2sG9+dUk8RlxHtcUt5XsYaY2YE:1X+wnaAMSDiaf2sG991tcUH8ff

    Score
    10/10
    evasionpersistence

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks