General

  • Target

    16d75e3a25399a4916f857ede7c43cb9e76d1b8db1c37b69199a4c12bd96b855

  • Size

    152KB

  • Sample

    221014-mbktmaahcj

  • MD5

    4f53c37fbef843a6e4b3dcfdc02f4e32

  • SHA1

    8075110a7221e02b6a4e05d879bb76d26666954c

  • SHA256

    16d75e3a25399a4916f857ede7c43cb9e76d1b8db1c37b69199a4c12bd96b855

  • SHA512

    2d67d0a2f171e3c14539e665b8b96bce1fcbe88cb9b99e81b3455e185841e709a98acda257276de36fa05a7f92284c26e8b4e994eb3a49b2d159933893157378

  • SSDEEP

    3072:lWxBJrx4M+eWfrRnW+ptPY55Z/X7Zzdp7UYl:JTDR9A55VF7j

Score
10/10

Malware Config

Targets

    Score
    10/10

    • Modifies visibility of hidden/system files in Explorer

      Changes the Explorer settings that control whether hidden and protected operating-system files are shown, typically so dropped files stay out of sight.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code (GeoID) configured in the registry; this is commonly used to geofence execution to, or away from, particular regions.

    • Loads dropped DLL

    • Adds Run key to start application

      Persistence: a value is written under a Software\Microsoft\Windows\CurrentVersion\Run key so the dropped binary starts at logon.

    • Maps connected drives based on registry

      Enumerates mounted volumes from the registry. Disk information is often read to fingerprint the host and detect sandbox environments, and here it also gives the sample a list of attached volumes to spread to.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is a common step in process hollowing and other code-injection techniques.
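The following is an added host-triage script, not part of the tria.ge report: it turns the behaviours listed above into checks an incident responder can run on a suspect Windows machine. The hashes come from the report; the registry paths are the standard Windows locations for Run keys, Explorer's hidden-file settings and the user GeoID. Function names are this example's own.

```powershell
# Added example (not tria.ge code). Hashes are the ones listed in the report above.
$Indicators = @{
    MD5    = '4f53c37fbef843a6e4b3dcfdc02f4e32'
    SHA1   = '8075110a7221e02b6a4e05d879bb76d26666954c'
    SHA256 = '16d75e3a25399a4916f857ede7c43cb9e76d1b8db1c37b69199a4c12bd96b855'
}

function Test-KnownSample {
    # Compare a file on disk against the report's SHA256.
    param([Parameter(Mandatory)][string]$Path)
    $h = (Get-FileHash -Path $Path -Algorithm SHA256).Hash.ToLower()
    return $h -eq $Indicators.SHA256
}

function Get-RunKeyEntries {
    # "Adds Run key to start application": list every Run/RunOnce value for
    # the current user and the machine, skipping PowerShell's PS* metadata.
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -match '^PS(Path|ParentPath|ChildName|Drive|Provider)$') { continue }
            [pscustomobject]@{ Key = $k; Name = $p.Name; Command = $p.Value }
        }
    }
}

function Get-ExplorerHiddenFileSettings {
    # "Modifies visibility of hidden/system files in Explorer":
    # Hidden = 1 shows hidden files, 2 hides them; ShowSuperHidden = 0 hides
    # protected OS files. A freshly changed pair of 2 / 0 is worth a closer look.
    $k = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    Get-ItemProperty -Path $k -Name Hidden, ShowSuperHidden -ErrorAction SilentlyContinue |
        Select-Object Hidden, ShowSuperHidden
}

function Find-AutorunInf {
    # "Drops autorun.inf file": check the root of every filesystem drive and
    # return the file's content so the referenced executable can be hashed.
    Get-PSDrive -PSProvider FileSystem | ForEach-Object {
        $p = Join-Path $_.Root 'autorun.inf'
        if (Test-Path -LiteralPath $p) {
            [pscustomobject]@{
                Drive   = $_.Name
                Path    = $p
                Content = (Get-Content -LiteralPath $p -Raw)
            }
        }
    }
}

function Get-GeoSetting {
    # "Checks computer location settings": the GeoID value the sample reads.
    Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue |
        Select-Object Nation, Name
}

# Usage (run in an elevated PowerShell on the host under investigation):
#   Get-RunKeyEntries | Format-Table -AutoSize
#   Get-ExplorerHiddenFileSettings
#   Find-AutorunInf
#   Get-GeoSetting
#   Test-KnownSample -Path 'C:\path\to\suspect.exe'
```

Run the Run-key and autorun.inf checks first: a Run value pointing at a freshly dropped executable, or an autorun.inf at the root of a removable drive, confirms the persistence and spreading behaviour the report flags, and the path it names is the file to hash with Test-KnownSample.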

MITRE ATT&CK Enterprise v6

Tasks