Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7b0ce96021...e8.exe

windows7-x64

10

7b0ce96021...e8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7b0ce96021abcef8f0e3ba3ecd43618c7033025513b81ea8bf39e2cefaf0cce8

  • Size

    390KB

  • Sample

    221021-dey1zshchq

  • MD5

    4529fecf664706a64c26f877cb00fa42

  • SHA1

    8275776b9ea9bb6b29d34fe083d7295b824a19aa

  • SHA256

    7b0ce96021abcef8f0e3ba3ecd43618c7033025513b81ea8bf39e2cefaf0cce8

  • SHA512

    2928b8b04fd33e3beb25807f0fc4b9c2f72d955b3bce7d300c001ff4b859bb2fe75e47d17c2ea3e060b3f8cd6d77d46b699339d10508bad6dbf534666114f0d9

  • SSDEEP

    6144:LoJNVPEqg/pAtAhGmwdQ/Qvx5BIxhYBDmow3MBjknT/Ls/VhddiglZXT:LEVPKpmAhJe20x5GwBSoQodT4q

Score
10/10
evasionpersistence

Malware Config

Targets

    • Target

      7b0ce96021abcef8f0e3ba3ecd43618c7033025513b81ea8bf39e2cefaf0cce8

    • Size

      390KB

    • MD5

      4529fecf664706a64c26f877cb00fa42

    • SHA1

      8275776b9ea9bb6b29d34fe083d7295b824a19aa

    • SHA256

      7b0ce96021abcef8f0e3ba3ecd43618c7033025513b81ea8bf39e2cefaf0cce8

    • SHA512

      2928b8b04fd33e3beb25807f0fc4b9c2f72d955b3bce7d300c001ff4b859bb2fe75e47d17c2ea3e060b3f8cd6d77d46b699339d10508bad6dbf534666114f0d9

    • SSDEEP

      6144:LoJNVPEqg/pAtAhGmwdQ/Qvx5BIxhYBDmow3MBjknT/Ls/VhddiglZXT:LEVPKpmAhJe20x5GwBSoQodT4q

    Score
    10/10
    evasionpersistence

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks