General

  • Target

    57b5b10ab543276440dbbe91867394f0db0fba810cecb4d99b6e21480ec3fa94

  • Size

    239KB

  • Sample

    221004-fvtgjsdea2

  • MD5

    1c470acf85ef922149f351df9d40c1fc

  • SHA1

    66f619676f1b7bf535db17f56ca45343a5da86ef

  • SHA256

    57b5b10ab543276440dbbe91867394f0db0fba810cecb4d99b6e21480ec3fa94

  • SHA512

    8236d30214b0ae1a41cbf00f252aef9b144fa82abe50695b907e3924e31952c064d74004e42fd13c2c8d120a6be2ff9e53163889d5a8ddc69c6369ee54725ac0

  • SSDEEP

    6144:iKK/LAiOHJL1lf/AR0XTH8g/jGJGpy0/FKk2Jfd4dV:iKK/LAHJL1lf/XXTHD/jGJGw07P

Malware Config

Targets

    • Modifies WinLogon for persistence

    • UAC bypass

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks