Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    setup.exe

  • Size

    81.7MB

  • Sample

    221025-a5ylcsbbcp

  • MD5

    af71d4b1b7ab5974c3565f9bc5aa5547

  • SHA1

    75c653ff9173a70d6bcb60a84a96f14ecb666bec

  • SHA256

    ca202c0380d05a819d48182f21af070112b39a4a2f26f9c3b6d2caeaa2fdfb87

  • SHA512

    855a9713f372cc1b280bb04a9183c9b060478e196cb78d06afe9083f55bdd4686befb2e1fa636381ce45269cbcc4235e6d3126429c0913878fa2492f718055de

  • SSDEEP

    393216:J+UwcyJhoonKYTXOnz3L2Vmd6mI/m3pyc/eO47G99MJBJHYJwMia/qdh:okyJ+UdTX4byVmdSKyuP+JGwla/qdh

Score
7/10

Malware Config

Targets

    • Target

      setup.exe

    • Size

      81.7MB

    • MD5

      af71d4b1b7ab5974c3565f9bc5aa5547

    • SHA1

      75c653ff9173a70d6bcb60a84a96f14ecb666bec

    • SHA256

      ca202c0380d05a819d48182f21af070112b39a4a2f26f9c3b6d2caeaa2fdfb87

    • SHA512

      855a9713f372cc1b280bb04a9183c9b060478e196cb78d06afe9083f55bdd4686befb2e1fa636381ce45269cbcc4235e6d3126429c0913878fa2492f718055de

    • SSDEEP

      393216:J+UwcyJhoonKYTXOnz3L2Vmd6mI/m3pyc/eO47G99MJBJHYJwMia/qdh:okyJ+UdTX4byVmdSKyuP+JGwla/qdh

    Score
    7/10
    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks