General
Target: ungziped_file
Size: 224KB
Sample: 221031-m2xacaagb4
MD5: c7eac5a7087af67171d5515c27d6f927
SHA1: 3e036ca39fab2b5e47aa297b5951954ac45dc6f6
SHA256: 0e00f12317743737906e4779e5a936985e8ee76a8254a7ef81f67a5509e9f524
SHA512: cd8f759a09101917d053cbcf3a2269709711e959ac7c655813b8d288da6a507fedd42b06f9fc5a7e17298607543317ccf3fde2754ac7c0120d3513558ac071d5
SSDEEP: 6144:qweEpSKY3hdH6CVjlmaEJlnXEGkCnFSN6xZkfpNvpJ:bSN6mlFm0GkiCSChNj
Static task: static1
Behavioral task: behavioral1
Sample: ungziped_file.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: ungziped_file.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
formbook
0nta
zlws40fk6.com
Targets
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-