General

  • Target

    891491eec23ffa62005a8220fbeade4445e603664ad202c7fc98d953db79b6b8

  • Size

    154KB

  • Sample

    221028-w18resaehp

  • MD5

    0cc7019af526b9ed1dec38f34e970925

  • SHA1

    e9c63bfa5d2edbe1e559b9653a92ce52232e99e9

  • SHA256

    891491eec23ffa62005a8220fbeade4445e603664ad202c7fc98d953db79b6b8

  • SHA512

    34578198cbda9a0b2c2d6d612f418add082e815c60564b38c8414197aa5a1f96f2861a61c6e99fd77a3a1ce01373f8723929eab9ffe7d0d1ef4b8b976d2961ed

  • SSDEEP

    1536:z5pipAC24eEzdgSRAuspgZZJU9DcChEbIgrM1/jcK+RwW+B0DSjz0pDZOZBmZqRS:vCfz+JcCU7rM9l3rgg91uH3

Score
10/10

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks