General
- Target: 8e90a589c41dfcbd1653803e6b50f8ba1eb9652c7ea049bbe1d5d7cc3c104ec4
- Size: 1016KB
- Sample: 221020-f8mwxsgab8
- MD5: 806813ee8fd000977577e8f3f316e650
- SHA1: e6e6d51eacc9e5ce5528829df7cb0e36e542d065
- SHA256: 8e90a589c41dfcbd1653803e6b50f8ba1eb9652c7ea049bbe1d5d7cc3c104ec4
- SHA512: cd7dcd534af89591f8030c5cdea4341570ed9599e5064d3564c4168d49bcf3027fd15883a1b35fdb8f703729f59a4c73aa7cf0bd557eb4f73d8142c7286023b9
- SSDEEP: 6144:EIXsL0tvrSVz1DnemeYbpsnEf78AoXh6KkiD0OofzA+/VygHU:EIXsgtvm1De5YlOx6lzBH46U
Static task: static1
Behavioral task: behavioral1
- Sample: 8e90a589c41dfcbd1653803e6b50f8ba1eb9652c7ea049bbe1d5d7cc3c104ec4.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 8e90a589c41dfcbd1653803e6b50f8ba1eb9652c7ea049bbe1d5d7cc3c104ec4.exe
- Resource: win10v2004-20220812-en
Malware Config
Targets
- Target: 8e90a589c41dfcbd1653803e6b50f8ba1eb9652c7ea049bbe1d5d7cc3c104ec4
Score: 10/10
Signatures
- Modifies WinLogon for persistence
- Adds policy Run key to start application
- Disables RegEdit via registry modification
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory