General
Target: 13a6f0c7056952718b52bd697abefdd84a26791f2b7fd80f5a91f67996f853b8
Size: 168KB
Sample: 221121-rtwfasdf22
MD5: 137cfc6b3ad4ae7607a655c964a3e2c6
SHA1: 319d2bfba00441b0894758ba060cffce9ebeacb6
SHA256: 13a6f0c7056952718b52bd697abefdd84a26791f2b7fd80f5a91f67996f853b8
SHA512: 858675ae435d160d5d40789e2e98c9ddb47c977131d2e858599626238b75f21a79fff10390c954f8e725a90cb0f7f34e5f0d539c1d1d8b0b1261f23a0b6ab4ce
SSDEEP: 1536:nxerLPMj4VxhkKlX9Cms33YoKw8Pm6/qr8qyhhLDhUeKKfRpO0t9gVjx1guqgzM0:xOMKlEmsHKHPmLq7eeJsk6Rqwq4d
Static task
static1
Behavioral task
behavioral1
Sample
13a6f0c7056952718b52bd697abefdd84a26791f2b7fd80f5a91f67996f853b8.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
13a6f0c7056952718b52bd697abefdd84a26791f2b7fd80f5a91f67996f853b8.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
Target
13a6f0c7056952718b52bd697abefdd84a26791f2b7fd80f5a91f67996f853b8
Score 10/10

Modifies visibility of hidden/system files in Explorer

Executes dropped EXE

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Loads dropped DLL

Adds Run key to start application

Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.

Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.

Suspicious use of SetThreadContext