General

  • Target

    1b6f69757ef23af5b07bfaf34a83115ab6a2c12abfe0c7ce693ab18373376b47

  • Size

    808KB

  • Sample

    221020-r57byaaabn

  • MD5

    9028d8fdcf15ecc6533f998b82cfcae0

  • SHA1

    676f28184518a99277d90255e21f3b6da0119b95

  • SHA256

    1b6f69757ef23af5b07bfaf34a83115ab6a2c12abfe0c7ce693ab18373376b47

  • SHA512

    1fd00a7ffe63771164d9ac66e38e49b9d518bbbe90f01fb58bee5769e4c44e1cc91fcf786ff57943626aded27cb2b275380e920adb7087ae0dfbf868de02888d

  • SSDEEP

    3072:a18SouhTTtfiCXl+0LbLuO5aYd/5q6rsg2ZaZ/VuXQMul6mdoCom9QEst3FmcSDw:U8Yd4iaYd/5EkhTlBy3Fmcow

Score
10/10

Malware Config

Targets

    • Modifies firewall policy service

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks