General
Target: f26a9329859fecaecc84789373c1d821af014105b270532c6976595ecd17cbbc
Size: 506KB
Sample: 221011-c8lgbabfdl
MD5: 70d62efe37d69761b0a8e6464e5d8eba
SHA1: 9889e3694eb030667bccb25de13512f0e5b7e950
SHA256: f26a9329859fecaecc84789373c1d821af014105b270532c6976595ecd17cbbc
SHA512: cc285382386b488a547cbf3b3ad32cefe187d824a38267eca25f1f0348054e4df4c0525ae500a447515eb7cfbd9b34c2b530d9473f433c54863939740656c01c
SSDEEP: 12288:YnZIwuwZ44xyrlEYcXtFZB3gKGZ5jSEAgBGY62XWuuB1:aIvH4xZBwrjSEL6Xr
Behavioral tasks
behavioral1: f26a9329859fecaecc84789373c1d821af014105b270532c6976595ecd17cbbc.exe, resource win7-20220812-en
behavioral2: f26a9329859fecaecc84789373c1d821af014105b270532c6976595ecd17cbbc.exe, resource win10v2004-20220812-en
Malware Config
Targets
Target: f26a9329859fecaecc84789373c1d821af014105b270532c6976595ecd17cbbc
Size: 506KB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above
Score: 10/10
Signatures:
- Modifies WinLogon for persistence (Winlogon registry values are executed at every logon)
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: an AutoIt script compiled into a PE executable.
- Suspicious use of SetThreadContext: an API commonly used for process hollowing and other thread-hijacking injection techniques.
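To make the signature categories above concrete, here is an added example (not tria.ge's own detection code, and not derived from this sample's actual trace) of how those behaviours surface in Sysmon-style host telemetry and how an AutoIt-compiled PE can be recognised from its embedded script magic. The event trace, the specific Winlogon and Run registry paths, the netsh command and the list of IP-echo hostnames are constructed assumptions; the report only names the categories, not which values or services this sample used. The SetThreadContext signature is an API-level observation and is not modelled here, since these event types do not carry it.

```python
import re
from collections import Counter

# AutoIt3 compiled executables carry the script as a resource that begins with
# this magic; the report's "AutoIT Executable" signature is a check of this kind.
AUTOIT_MAGIC = b"AU3!EA06"


def looks_like_autoit_pe(data: bytes) -> bool:
    """True when the blob is a PE (MZ header) that embeds the AutoIt script magic."""
    return data[:2] == b"MZ" and AUTOIT_MAGIC in data


# Registry values Windows consults at logon. Which exact value this sample wrote is
# not stated in the report; these patterns cover the usual Winlogon and Run targets.
WINLOGON_RE = re.compile(
    r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(Userinit|Shell|Notify)", re.I)
RUNKEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.I)
FIREWALL_RE = re.compile(
    r"netsh\s+(advfirewall|firewall)\b.*\b(add|set|delete)\b"
    r"|(New|Set)-NetFirewallRule|Set-NetFirewallProfile", re.I)
# Assumed list of legitimate IP-echo services; the report does not name the one used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ip-api.com",
                   "checkip.dyndns.org", "ipinfo.io"}


def triage(events: list[dict]) -> Counter:
    """Replay Sysmon-style events in order and count hits per report signature.

    "Executes dropped EXE" and "Loads dropped DLL" need state: a path only counts
    as dropped if an earlier file_create event in the same trace wrote it.
    """
    dropped: set[str] = set()
    hits: Counter = Counter()
    for ev in events:
        kind = ev["type"]
        if kind == "file_create":
            path = ev["path"].lower()
            if path.endswith((".exe", ".dll")):
                dropped.add(path)
        elif kind == "process_create":
            if ev["image"].lower() in dropped:
                hits["Executes dropped EXE"] += 1
            if FIREWALL_RE.search(ev.get("cmdline", "")):
                hits["Modifies Windows Firewall"] += 1
        elif kind == "image_load":
            if ev["loaded"].lower() in dropped:
                hits["Loads dropped DLL"] += 1
        elif kind == "registry_set":
            if WINLOGON_RE.search(ev["key"]):
                hits["Modifies WinLogon for persistence"] += 1
            if RUNKEY_RE.search(ev["key"]):
                hits["Adds Run key to start application"] += 1
        elif kind == "dns_query":
            if ev["query"].lower() in IP_LOOKUP_HOSTS:
                hits["Looks up external IP address via web service"] += 1
    return hits


# Constructed trace (not from the sandbox run) that exercises every rule once,
# plus a benign registry write that must not fire.
TMP = r"C:\Users\user\AppData\Local\Temp"
SAMPLE_EVENTS = [
    {"type": "file_create", "image": r"C:\Users\user\sample.exe", "path": TMP + r"\update.exe"},
    {"type": "file_create", "image": r"C:\Users\user\sample.exe", "path": TMP + r"\helper.dll"},
    {"type": "process_create", "image": TMP + r"\update.exe", "cmdline": TMP + r"\update.exe"},
    {"type": "image_load", "image": TMP + r"\update.exe", "loaded": TMP + r"\helper.dll"},
    {"type": "registry_set",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
     "value": r"C:\Windows\system32\userinit.exe," + TMP + r"\update.exe"},
    {"type": "registry_set",
     "key": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Update",
     "value": TMP + r"\update.exe"},
    {"type": "process_create", "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": 'netsh advfirewall firewall add rule name="Update" dir=in action=allow '
                'program="' + TMP + r'\update.exe"'},
    {"type": "dns_query", "image": TMP + r"\update.exe", "query": "api.ipify.org"},
    {"type": "registry_set",
     "key": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "value": "1"},
]

if __name__ == "__main__":
    for name, count in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{count}x {name}")
```

The stateful dropped-file correlation is the part worth copying: a process or DLL is only "dropped" relative to an earlier write in the same trace, which is what keeps the rule from firing on every binary that merely lives in a temp directory.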