
General

  • Target

    523bd5d85c8c03e69700934972c154678ee9a09113839c4243c3b3a597f3e2cd

  • Size

    109KB

  • Sample

    221020-z1rppaehd3

  • MD5

    a00b0e934ffc9b757ecdf209d941a5c0

  • SHA1

    07ada1eb9d648d040a423d6ddea977a341f7f0a2

  • SHA256

    523bd5d85c8c03e69700934972c154678ee9a09113839c4243c3b3a597f3e2cd

  • SHA512

    dfc2d85a7d2073825a18eec14f8676a1166df235bc7d1c2bb52b7a4e43ae8e4d77344614b5e4180e146ea693315d189020ee05e90678bbcbdaf2988b497ddb67

  • SSDEEP

    3072:JTbD29WtS209fvFGgCr+zHB7szvphZ5gQrwWwzdFxI+:BbaLBFGNvphZ5HZGdF

Score
10/10

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
