General
- Target: files.zip
- Size: 687KB
- Sample: 221117-c58sfade63
- MD5: 330ecf8b86b729b4c7c3cf1556739db3
- SHA1: dd1655ee02d97110496eadf18997412fa9dbeaad
- SHA256: 12df68306288f11609ff1b5cac904fcaeab3f5561bcbf0f09c2bf439c6daeadc
- SHA512: 67c413868ea103c7a537fc76ea585fd790fbf517f1aec0251f563fddc1adf2daee7896fee25850f3403f133112f1fc2451b6cddacefaf5ae520e28930c20d260
- SSDEEP: 12288:UO3vAFIFP1pZG5tf+d6RToVXUWvZcmu0zpHG1JC9Luq2wiRXkWm3bXc9t7XwBB6E:UOo2tLGH+GTEXUWv11z1AJkuAihuX8tU
Static task
- static1

Behavioral task: behavioral1
- Sample: TdndchBWGClEyG.dll
- Resource: win7-20220812-en

Behavioral task: behavioral2
- Sample: TdndchBWGClEyG.dll
- Resource: win10v2004-20221111-en

Behavioral task: behavioral3
- Sample: required documents.lnk
- Resource: win7-20221111-en

Behavioral task: behavioral4
- Sample: required documents.lnk
- Resource: win10v2004-20220901-en

Behavioral task: behavioral5
- Sample: wabPTLAqdTmbJu.bat
- Resource: win7-20221111-en
Malware Config
Extracted
- Family: bumblebee
- Botnet: 15repl
- C2:
  - 23.108.57.200:443
  - 103.144.139.158:443
  - 23.106.160.52:443
Targets

Target: TdndchBWGClEyG.dll
- Size: 836KB
- MD5: 4ec372d945f4279858d8ed93a83154b8
- SHA1: 8c1818a64979a128808c971f5d66702fdf964660
- SHA256: 8533d14d0d29dc3534591363aab48c0857f855a416855042de18fc428a9adeb6
- SHA512: 8b5725b16875c372522a41ec9ef8839ccc45a3d4840176bab6bd527a4cac85490407fb8ccb8226f5b8be610127bc573ddd40872246ab4a72c85016089d25ecd3
- SSDEEP: 12288:EjFKLyV6iAV2xGu8AcsufT43mFdWOhV5dP4nODbBYRjRYBmCkvLBxa1FiTCci1JZ:EjFKOVBA/u8jPT2pOgOmpxndx3TCc
Signatures:
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger

Target: required documents.lnk
- Size: 995B
- MD5: 32718d69a0919473c89e529b04a7cd38
- SHA1: d0c4c19cf77676d2827e9b9596796583d95dce37
- SHA256: d3c9dc14d8396686cb3c12b1a483ca30943d731f733614fda85e1039bff611c5
- SHA512: b1119c69fb1c1205250a10ab4893072b4ed45f38f5b0af9fdfa8a6c442f738571cd09b5767345ce47414681475bd9e57fc1526185493c9c30cb8311c96e2c4ba
Signatures:
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of NtCreateThreadExHideFromDebugger

Target: wabPTLAqdTmbJu.bat
- Size: 1KB
- MD5: 9cf24d2ca62c63bf523c2ec835a26e9f
- SHA1: 6e665d29117d318abf8318beaac265818ee990c3
- SHA256: 9e847e0113ee63ea0bbb3e873a5a33013b45a249fb734a50bf16df986f9cfe4d
- SHA512: 0b19e3460218c43aa00c6244cc34aa6bf786e5157db61e7d5df1adb506cd6606c163b2c6392bc84129c16daa2eb74f8d3d32e769ca5d404807f2464cab3be5d1
Signatures:
- Blocklisted process makes network request
- Suspicious use of NtCreateThreadExHideFromDebugger