Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

8

c73fa4b97c...f5.exe

windows7-x64

8

c73fa4b97c...f5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c73fa4b97c4188faf98eba38fdeea572c7a939719ff61258a3056b56f9f31df5

  • Size

    133KB

  • Sample

    221011-1gefpafedq

  • MD5

    63feca6b2fc793013b873addaef4f610

  • SHA1

    0f2a5bf9caf207fa118b1550dac2920a5bd9f288

  • SHA256

    c73fa4b97c4188faf98eba38fdeea572c7a939719ff61258a3056b56f9f31df5

  • SHA512

    ec85d8d9f69f8fa1dbc59808647b61d98494ae66997abf819a60b9f936f73d7a5d01466d89ec84c0b6fc5591c4708bca6d41cd2c08b186df04ce19defb8d9212

  • SSDEEP

    3072:pYBjzosGnQpOe237XE35XeE79enCiM5cEwDjAS+umjiJbqrWTI:NsGQwb37XE3ZeykGnqES+vuJSmI

Score
10/10
evasionpersistencevmprotect

Malware Config

Targets

    • Target

      c73fa4b97c4188faf98eba38fdeea572c7a939719ff61258a3056b56f9f31df5

    • Size

      133KB

    • MD5

      63feca6b2fc793013b873addaef4f610

    • SHA1

      0f2a5bf9caf207fa118b1550dac2920a5bd9f288

    • SHA256

      c73fa4b97c4188faf98eba38fdeea572c7a939719ff61258a3056b56f9f31df5

    • SHA512

      ec85d8d9f69f8fa1dbc59808647b61d98494ae66997abf819a60b9f936f73d7a5d01466d89ec84c0b6fc5591c4708bca6d41cd2c08b186df04ce19defb8d9212

    • SSDEEP

      3072:pYBjzosGnQpOe237XE35XeE79enCiM5cEwDjAS+umjiJbqrWTI:NsGQwb37XE3ZeykGnqES+vuJSmI

    Score
    10/10
    persistencevmprotectevasion

    • Modifies firewall policy service

      evasion

    • Drops file in Drivers directory

    • Sets DLL path for service in the registry

      persistence

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks