General

  • Target

    347cb884636dff3d0bd7bce7da84e6b197f917c91d60dd0fd2c1863938378873

  • Size

    221KB

  • Sample

    221107-zkep7abahk

  • MD5

    02a5acd2b2818430cd7ee45eb1766617

  • SHA1

    935824d6cdbb285c6c410e354eca70d2234c1370

  • SHA256

    347cb884636dff3d0bd7bce7da84e6b197f917c91d60dd0fd2c1863938378873

  • SHA512

    27a26b1c5e4fcede87e4b1716412d5ee2653eb768caffdf1567840bbf5817ae39723ae7f5d5657bbae207d4599fd473398e9549162f1ce809f1a1d73d19fa36d

  • SSDEEP

    3072:RlV6IEmxHwwAO5AhHJybRGjKy6bUKxZZmmqzXQoYKmKdbA64anhnoqh234Y16Z:tN7j0jxmA4apoqh2l

Score
10/10

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.
