Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

d567cea27f...8e.exe

windows7-x64

10

d567cea27f...8e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d567cea27f3be5b7d14ef3fc02525bd2443bc8688c4381d3a25d63a077f72f8e

  • Size

    611KB

  • Sample

    221121-n2m74shb79

  • MD5

    305b09db4ddcc16dcc43e3288282ff21

  • SHA1

    38610c2b846bcaba5787cba0e83c3df6094364d5

  • SHA256

    d567cea27f3be5b7d14ef3fc02525bd2443bc8688c4381d3a25d63a077f72f8e

  • SHA512

    90f2f674a4bc22de05a8aceb19f41bea980353e75a3a4876d648b89b476ac10f42d26a35a8cdc2e0d11ecdd721912b0bc9a6ebea54ba04d7a72d7c4013dff44d

  • SSDEEP

    12288:rj9l69ZU++3jUOIcr1MFNXJKsg1V5aXiuI3o+:rDsOIcrMXosg1V5ayuI3o+

Score
10/10
persistence

Malware Config

Targets

    • Target

      d567cea27f3be5b7d14ef3fc02525bd2443bc8688c4381d3a25d63a077f72f8e

    • Size

      611KB

    • MD5

      305b09db4ddcc16dcc43e3288282ff21

    • SHA1

      38610c2b846bcaba5787cba0e83c3df6094364d5

    • SHA256

      d567cea27f3be5b7d14ef3fc02525bd2443bc8688c4381d3a25d63a077f72f8e

    • SHA512

      90f2f674a4bc22de05a8aceb19f41bea980353e75a3a4876d648b89b476ac10f42d26a35a8cdc2e0d11ecdd721912b0bc9a6ebea54ba04d7a72d7c4013dff44d

    • SSDEEP

      12288:rj9l69ZU++3jUOIcr1MFNXJKsg1V5aXiuI3o+:rDsOIcrMXosg1V5ayuI3o+

    Score
    10/10
    persistence

    • Modifies WinLogon for persistence

      persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks