General
Target: 637be346a1b764e9258b244328a60ef2.exe
Size: 962KB
Sample: 221104-ge513seaal
MD5: 637be346a1b764e9258b244328a60ef2
SHA1: b995ae703d98ca0b211b82920ffc5ddb86391861
SHA256: 29aca38a4c1e9a66d6b4bc3ef35413141853da6bd1491c931d7c3a695c3a03dd
SHA512: 09cc5da4074c8a1f81513b14e5ba4254516a0781da24897e1a3422e8c4d5d5f735cfcf9b15c749143da92fe2723e2db3609716f4d859c05a1dc03a278c92d4bb
SSDEEP: 24576:wGmj/1yqMiwFev4DDv26P+7/7gnQzg7799B:wGqy2Z4e6P+j7gnQw79
Static task: static1
Behavioral task: behavioral1
Sample: 637be346a1b764e9258b244328a60ef2.exe
Resource: win7-20220812-en
Malware Config
Extracted
pony
http://185.165.29.116/kjosh1/1/gate.php
Targets
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext