General

  • Target: 1675a47031f9fb5e447ff15639c57bc6840377c1131d96ac36aaa93d75361e62
  • Size: 124KB
  • Sample: 221004-czmm1shcc2
  • MD5: 09a0ce158e62b384788c93cd8d43ac79
  • SHA1: 5b4f0030ade06db01043eeb3cabf240d2aabc71d
  • SHA256: 1675a47031f9fb5e447ff15639c57bc6840377c1131d96ac36aaa93d75361e62
  • SHA512: 44efdb0c2f8cca0c2c9cd12882f7d23ebd8192a94a5acf0905381884c872716100d44d48623a86f89edc3f10a075ade07d1205471ad1d06375b1fec768d7570a
  • SSDEEP: 3072:cEnzDuye7G008/yObs7jbGDIuNoS5PPF7DSpOO:L3NuyObIas6oAP9LO

Targets

  • UAC bypass
  • Executes dropped EXE
  • Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence check.
  • Loads dropped DLL
  • Adds Run key to start application
  • Drops autorun.inf file
    Malware can abuse Windows Autorun to spread further via attached volumes.
  • Drops file in System32 directory
