General

  • Target: Sample.exe
  • Size: 134.8MB
  • Sample: 221012-sfnc7sgehq
  • MD5: b91f99b87d1b4b97de96809626dce0f7
  • SHA1: 6ba6325ffd36a0ee0ce6e3628d91848a9757dd91
  • SHA256: 4773be03b5794908a31aba98a946f02eec075bb7144411bec6d9fa88bb6d5e8e
  • SHA512: 72532f9102d43a78dac3563d881df6d207540544c5702c85f3560a321e32507ea9160eeea29a8e533a52ffe930b7042f80b22a037b1e5d2c10f12f17476f9b14
  • SSDEEP: 3145728:Xmx2gA7SyL7n56rVjfgK+BSQUE19x2gAGN0GYNbVZ5ZNaZWwGA:4/yHSVLgK+BfLzNXEZN/bA

Targets

    • Contacts a large (1029) amount of remote hosts
      This may indicate a network scan to discover remotely running services.
    • Executes dropped EXE
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Loads dropped DLL
    • Adds Run key to start application
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Legitimate hosting services abused for malware hosting/C2
