General

  • Target

    888e8631ef70f2d293c13c7220c2880f8ded7dc0eba3bcc9b9e9406837b79fbe

  • Size

    645KB

  • Sample

    221107-tq6szahfbk

  • MD5

    a05c0a0282db7dbd7aa46d08a1cfe446

  • SHA1

    8d08aeb8dba49db71ab414ab9d24eed6416733ab

  • SHA256

    888e8631ef70f2d293c13c7220c2880f8ded7dc0eba3bcc9b9e9406837b79fbe

  • SHA512

    d732b8de5f7a587de27f3242148d31a6f96c19ef281e3b83f40fef3023ce55049dc61637caf127f484b1651cd92af398c0fc38025ef7acf9bd351eb091cbca94

  • SSDEEP

    12288:TjkArEN249AyE/rbaMct4bO2/Vx8afeLdZkdIwcK0rOXc1JEpG7ppakmYSkJ:YFE//Tct4bOsHn4cdcK0qXcDelwJ

Malware Config

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • UAC bypass

    • ModiLoader Second Stage

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

MITRE ATT&CK Enterprise v6

Tasks