General

  • Target

    00F1S56789S0W1PAGO198CCS716.zip

  • Size

    5.1MB

  • Sample

    221020-xqma4saff3

  • MD5

    da8e62e4fc690717033d31a48ff11990

  • SHA1

    2cf5194673311b0b3a2f4e88f31c37dfd94dc301

  • SHA256

    4fd239fb48b377bf8ea5165548643bbf0bcc24183e0de92bd39bd0f85da53f8c

  • SHA512

    8ce017d620e9fc3771fb9abd63494492f80f8e442ff40b65c18d2379a1c15d5d496f4dfcfbf373d7efbd691a8c2927dd35d936a66b2e279489d8528da1fb5e02

  • SSDEEP

    98304:tuqxyTJfOHKM5s1JeUkirKwQitd6Xgg3D4Xe2yr3633xUvDSVBr8:tFA1GHKM21JQip/PMDNFrwUvDSV98

Score
8/10

Malware Config

Targets

    • Target

      00F1S56789S0W1PAGO198CCS716.zip

    • Size

      5.1MB

    • MD5

      da8e62e4fc690717033d31a48ff11990

    • SHA1

      2cf5194673311b0b3a2f4e88f31c37dfd94dc301

    • SHA256

      4fd239fb48b377bf8ea5165548643bbf0bcc24183e0de92bd39bd0f85da53f8c

    • SHA512

      8ce017d620e9fc3771fb9abd63494492f80f8e442ff40b65c18d2379a1c15d5d496f4dfcfbf373d7efbd691a8c2927dd35d936a66b2e279489d8528da1fb5e02

    • SSDEEP

      98304:tuqxyTJfOHKM5s1JeUkirKwQitd6Xgg3D4Xe2yr3633xUvDSVBr8:tFA1GHKM21JQip/PMDNFrwUvDSV98

    Score
    1/10

    • Target

      00F1S56789S0W1PAGO198CCS716.msi

    • Size

      5.6MB

    • MD5

      9954caa0ca30ffe96b4707dc93f6e607

    • SHA1

      570d59cedeb20e4a7db84311741655f45ffdd519

    • SHA256

      ca4519fc650d94793df6cc7045548946c49dcfde58891d8afd1c38103a297d12

    • SHA512

      8ab5ce0a24fcb7465b5c1a83b7c88629514dce7fa7fd1078cd3aa78a608455c88c766c997d4f067659adb44f4a3154412248a92ce9da78688c9320dad83eb58b

    • SSDEEP

      98304:jYOJapMr9FODk8Q6zwYmtwC+UDH6fqy3buT+4OD16dZxCD8YWWgLB8eCA:LAuJoezjTub3xDiCIY1i

    Score
    8/10

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
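The signature names above are the sandbox's summary of behaviour seen during the run. As an added example (not the sandbox's own signature engine and not code from the report), the block below shows how three of those checks can be expressed over a chronological list of sandbox events. The event format `(pid, kind, value)`, the constructed event list, and the list of IP-lookup hosts are assumptions for illustration; the "Loads dropped DLL" rule is an assumed definition (a DLL written during the run is later loaded), since the page gives no description for it.

```python
import re
from collections import defaultdict

# Constructed sandbox events for illustration (not taken from the report).
# Each event is (pid, kind, value), in chronological order. Kinds used here:
# file_write, load_image, file_open, dns, http.
EVENTS = [
    ("1234", "file_write", "C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll"),
    ("1234", "load_image", "C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll"),
    ("1234", "load_image", "C:\\Windows\\System32\\kernel32.dll"),
    ("1234", "file_open",  "C:\\"),
    ("1234", "file_open",  "D:\\"),
    ("1234", "file_open",  "E:"),
    ("1234", "dns",        "api.ipify.org"),
    ("1234", "http",       "api.ipify.org"),
    ("5678", "file_open",  "C:\\Windows\\System32\\drivers\\etc\\hosts"),
    ("5678", "http",       "www.example.com"),
]

# Assumed list of legitimate external-IP lookup services; a real engine
# would carry a maintained list.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipinfo.io", "icanhazip.com",
    "checkip.amazonaws.com", "ifconfig.me", "ip-api.com",
}

# A drive root: optional \\?\ prefix, a letter, a colon, optional backslash.
DRIVE_ROOT = re.compile(r"^(?:\\\\\?\\)?([A-Za-z]):\\?$")


def enumerates_connected_drives(events, default_drive="C"):
    """{pid: [drive letters]} for processes that open the root path of a drive
    other than the default system drive (the behaviour the signature describes)."""
    hits = defaultdict(set)
    for pid, kind, value in events:
        if kind != "file_open":
            continue
        m = DRIVE_ROOT.match(value)
        if m and m.group(1).upper() != default_drive.upper():
            hits[pid].add(m.group(1).upper())
    return {pid: sorted(d) for pid, d in hits.items()}


def looks_up_external_ip(events, services=IP_LOOKUP_HOSTS):
    """{pid: [hosts]} for processes that resolve or contact a known IP lookup service."""
    hits = defaultdict(set)
    for pid, kind, value in events:
        if kind not in ("dns", "http"):
            continue
        host = value.lower().rstrip(".")
        if any(host == s or host.endswith("." + s) for s in services):
            hits[pid].add(host)
    return {pid: sorted(h) for pid, h in hits.items()}


def loads_dropped_dll(events):
    """Assumed definition: a DLL written to disk during the run is later loaded
    as an image by any process. Relies on the events being in time order."""
    written = set()
    hits = defaultdict(set)
    for pid, kind, value in events:
        path = value.lower()
        if kind == "file_write" and path.endswith(".dll"):
            written.add(path)
        elif kind == "load_image" and path in written:
            hits[pid].add(value)
    return {pid: sorted(p) for pid, p in hits.items()}


SIGNATURES = [
    ("Loads dropped DLL", loads_dropped_dll),
    ("Enumerates connected drives", enumerates_connected_drives),
    ("Looks up external IP address via web service", looks_up_external_ip),
]


def run_signatures(events):
    """Return (signature name, pid, evidence) triples for every rule that fired."""
    report = []
    for name, check in SIGNATURES:
        for pid, evidence in sorted(check(events).items()):
            report.append((name, pid, evidence))
    return report


if __name__ == "__main__":
    for name, pid, evidence in run_signatures(EVENTS):
        print(f"{name} (pid {pid}): {', '.join(evidence)}")
```

Note that opening `C:\` alone does not fire the drive-enumeration rule, matching the description's exclusion of the default drive, and that the dropped-DLL rule only fires for a load that follows a write within the same run.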

MITRE ATT&CK Enterprise v6

Tasks