General

  • Target

    6a259d9835e29b5dcead72762b3bbcbf587ed698c6d64cea6b0760554183e59c

  • Size

    456KB

  • Sample

    221021-de5tjahdh9

  • MD5

    53c4f7882517eabc78d3ee22d897aa4e

  • SHA1

    c59e5a5b286eb15c22f1cf0975b11652f97c5ba9

  • SHA256

    6a259d9835e29b5dcead72762b3bbcbf587ed698c6d64cea6b0760554183e59c

  • SHA512

    47bef082df3e812f7e54e9b3236c915ffe093a679ae41c54946fe795e97489a027c38d1dc7a92ac18b86cbc2419fb5866b5e25dd17c47d90385996996bd78be5

  • SSDEEP

    12288:jEVXKpmokkif4JgTIoq43H2cE05nMx11DGkfb7i:jEtR8iAJgMe3H2cJCx1YOb7i

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks