General

  • Target

    0de3c0dc2cee95e4778d90f24c00f03b03e78d0042de12c6cbf24335168999ba

  • Size

    132KB

  • Sample

    221011-b65lqshff5

  • MD5

    66a8968e23ddbe470e39525b2ac106f1

  • SHA1

    40087e20932faae5762ad8dadf5f0dda6791cebf

  • SHA256

    0de3c0dc2cee95e4778d90f24c00f03b03e78d0042de12c6cbf24335168999ba

  • SHA512

    4f3963d7da52c6baf8732a02cb032f67457867473dd4a02017747c9e33d007372f4e41791427ffd51149b8b0288848aa1532309282b04611524dd9e567eb08e3

  • SSDEEP

    3072:IHhwYCmNLBVWTynxskcq4CzlNV3bXkdCS31YaTl:kCklVlx0lGlz3bXkN31Ys

Score
10/10

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext
