Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

57b5b10ab5...94.exe

windows7-x64

10

57b5b10ab5...94.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    57b5b10ab543276440dbbe91867394f0db0fba810cecb4d99b6e21480ec3fa94

  • Size

    239KB

  • Sample

    221004-fvtgjsdea2

  • MD5

    1c470acf85ef922149f351df9d40c1fc

  • SHA1

    66f619676f1b7bf535db17f56ca45343a5da86ef

  • SHA256

    57b5b10ab543276440dbbe91867394f0db0fba810cecb4d99b6e21480ec3fa94

  • SHA512

    8236d30214b0ae1a41cbf00f252aef9b144fa82abe50695b907e3924e31952c064d74004e42fd13c2c8d120a6be2ff9e53163889d5a8ddc69c6369ee54725ac0

  • SSDEEP

    6144:iKK/LAiOHJL1lf/AR0XTH8g/jGJGpy0/FKk2Jfd4dV:iKK/LAHJL1lf/XXTHD/jGJGw07P

Score
10/10
evasionpersistencetrojanupx

Malware Config

Targets

    • Target

      57b5b10ab543276440dbbe91867394f0db0fba810cecb4d99b6e21480ec3fa94

    • Size

      239KB

    • MD5

      1c470acf85ef922149f351df9d40c1fc

    • SHA1

      66f619676f1b7bf535db17f56ca45343a5da86ef

    • SHA256

      57b5b10ab543276440dbbe91867394f0db0fba810cecb4d99b6e21480ec3fa94

    • SHA512

      8236d30214b0ae1a41cbf00f252aef9b144fa82abe50695b907e3924e31952c064d74004e42fd13c2c8d120a6be2ff9e53163889d5a8ddc69c6369ee54725ac0

    • SSDEEP

      6144:iKK/LAiOHJL1lf/AR0XTH8g/jGJGpy0/FKk2Jfd4dV:iKK/LAHJL1lf/XXTHD/jGJGw07P

    Score
    10/10
    evasionpersistencetrojanupx

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks