Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

61813e2eaf...ee.exe

windows7-x64

10

61813e2eaf...ee.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    61813e2eaf167ce0b7db5db00760d2247128b918d69c5cdd6d8c86ccb978e9ee

  • Size

    554KB

  • Sample

    221019-2n9e3sbfhq

  • MD5

    920dbc03f2b68c7858e190b329564080

  • SHA1

    816c13db1ca80eb5673cab7a47955dea8e9b98b6

  • SHA256

    61813e2eaf167ce0b7db5db00760d2247128b918d69c5cdd6d8c86ccb978e9ee

  • SHA512

    726ad60eeb6868487336340d90d1fb56571b1ed4cae58766db95034b82f0523dcb57f60743dba8bc3df6876a2f34d9bab94f79ba7ae81aeb6ea33c41c6ceebc4

  • SSDEEP

    6144:imVCRD/xy7N6MQ2K2mm0Wse1/QlmznD0ui2n3R9e/l+AlK/HLKzuCMU7cDFlGI/w:iFD/xys2K2mmHs+00Ddi2n3XeN+bHIT

Score
10/10
evasionpersistenceupx

Malware Config

Targets

    • Target

      61813e2eaf167ce0b7db5db00760d2247128b918d69c5cdd6d8c86ccb978e9ee

    • Size

      554KB

    • MD5

      920dbc03f2b68c7858e190b329564080

    • SHA1

      816c13db1ca80eb5673cab7a47955dea8e9b98b6

    • SHA256

      61813e2eaf167ce0b7db5db00760d2247128b918d69c5cdd6d8c86ccb978e9ee

    • SHA512

      726ad60eeb6868487336340d90d1fb56571b1ed4cae58766db95034b82f0523dcb57f60743dba8bc3df6876a2f34d9bab94f79ba7ae81aeb6ea33c41c6ceebc4

    • SSDEEP

      6144:imVCRD/xy7N6MQ2K2mm0Wse1/QlmznD0ui2n3R9e/l+AlK/HLKzuCMU7cDFlGI/w:iFD/xys2K2mmHs+00Ddi2n3XeN+bHIT

    Score
    10/10
    evasionpersistenceupx

    • Modifies WinLogon for persistence

      persistence

    • Modifies firewall policy service

      evasion

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks