General
-
Target
891491eec23ffa62005a8220fbeade4445e603664ad202c7fc98d953db79b6b8
-
Size
154KB
-
Sample
221028-w18resaehp
-
MD5
0cc7019af526b9ed1dec38f34e970925
-
SHA1
e9c63bfa5d2edbe1e559b9653a92ce52232e99e9
-
SHA256
891491eec23ffa62005a8220fbeade4445e603664ad202c7fc98d953db79b6b8
-
SHA512
34578198cbda9a0b2c2d6d612f418add082e815c60564b38c8414197aa5a1f96f2861a61c6e99fd77a3a1ce01373f8723929eab9ffe7d0d1ef4b8b976d2961ed
-
SSDEEP
1536:z5pipAC24eEzdgSRAuspgZZJU9DcChEbIgrM1/jcK+RwW+B0DSjz0pDZOZBmZqRS:vCfz+JcCU7rM9l3rgg91uH3
Static task
static1
Behavioral task
behavioral1
Sample
891491eec23ffa62005a8220fbeade4445e603664ad202c7fc98d953db79b6b8.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
891491eec23ffa62005a8220fbeade4445e603664ad202c7fc98d953db79b6b8.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
-
Target
891491eec23ffa62005a8220fbeade4445e603664ad202c7fc98d953db79b6b8
Score: 10/10
-
Modifies visibility of hidden/system files in Explorer
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Adds Run key to start application
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-