General

  • Target: 2a286adf6e4b47a84b0de5cec8ee9ea82e3e7f8e59a4d9098d13d93694c6b08b
  • Size: 333KB
  • Sample: 221107-q8k3faadh4
  • MD5: 06b7dcdff00ed18e156ba6cf4e9a02f7
  • SHA1: 541032ba6ab7c383b804161a1f881b447105677f
  • SHA256: 2a286adf6e4b47a84b0de5cec8ee9ea82e3e7f8e59a4d9098d13d93694c6b08b
  • SHA512: 6313af898c316cb7199b62e276175c4c1600be2b52ef9264476982864b6e37a9510e5c1a915ae91c72f34c24f63f761b8a4591b03b01b07343935bd59bde8d87
  • SSDEEP: 3072:9msKGgOkGqHmT76JidYL49Nw/fnQRi6RwhGpVAv6IQ9BiQc9A:9JqHmTieNwnKh5NZ9bH

Score
10/10

Malware Config

Targets

    • Modifies firewall policy service

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks