General

  • Target: 13a6f0c7056952718b52bd697abefdd84a26791f2b7fd80f5a91f67996f853b8

  • Size: 168KB

  • Sample: 221121-rtwfasdf22

  • MD5: 137cfc6b3ad4ae7607a655c964a3e2c6

  • SHA1: 319d2bfba00441b0894758ba060cffce9ebeacb6

  • SHA256: 13a6f0c7056952718b52bd697abefdd84a26791f2b7fd80f5a91f67996f853b8

  • SHA512: 858675ae435d160d5d40789e2e98c9ddb47c977131d2e858599626238b75f21a79fff10390c954f8e725a90cb0f7f34e5f0d539c1d1d8b0b1261f23a0b6ab4ce

  • SSDEEP: 1536:nxerLPMj4VxhkKlX9Cms33YoKw8Pm6/qr8qyhhLDhUeKKfRpO0t9gVjx1guqgzM0:xOMKlEmsHKHPmLq7eeJsk6Rqwq4d

Score: 10/10

Malware Config

Targets

    • Target: 13a6f0c7056952718b52bd697abefdd84a26791f2b7fd80f5a91f67996f853b8

    • Size: 168KB

    • MD5: 137cfc6b3ad4ae7607a655c964a3e2c6

    • SHA1: 319d2bfba00441b0894758ba060cffce9ebeacb6

    • SHA256: 13a6f0c7056952718b52bd697abefdd84a26791f2b7fd80f5a91f67996f853b8

    • SHA512: 858675ae435d160d5d40789e2e98c9ddb47c977131d2e858599626238b75f21a79fff10390c954f8e725a90cb0f7f34e5f0d539c1d1d8b0b1261f23a0b6ab4ce

    • SSDEEP: 1536:nxerLPMj4VxhkKlX9Cms33YoKw8Pm6/qr8qyhhLDhUeKKfRpO0t9gVjx1guqgzM0:xOMKlEmsHKHPmLq7eeJsk6Rqwq4d

    Score: 10/10

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks