General
-
Target
6a321dac6eb773781972ed74aaaa680cfa3f006934098e3b66cd435c64adc266
-
Size
130KB
-
Sample
221126-bfe86abc28
-
MD5
67ca63eaf4a0cd52e0ba98de94b28020
-
SHA1
f2a361ad1b4c73dd442e16814768fd0dab3cd198
-
SHA256
6a321dac6eb773781972ed74aaaa680cfa3f006934098e3b66cd435c64adc266
-
SHA512
7f8336ec3f3d024b38d3b101f3bdc91ee208558489707d37f33373ed888d5cdc8de65905200a322534b413d93f3f5073b46c8c7fa5fd414b94763f24a31f0c79
-
SSDEEP
3072:Ph2UmLJ0/31Ny/Uud9T7PxMvk4C21sr7S85GKdMkTtFx0iuFRQnj:Ph2lt0/1Nd69evXCei78TViuaj
Static task
static1
Behavioral task
behavioral1
Sample
Dhl-Information.pdf.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
Dhl-Information.pdf.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
pony
http://185.7.35.9/~peakedca/home/gate.php
Targets
-
Target
Dhl-Information.pdf.exe
-
Size
146KB
-
MD5
0596c354d3bc4a70f76e86ac44e5179e
-
SHA1
de5db12f41c299116aeaf27d1d6b66c1649d3890
-
SHA256
b152f74631608d6c84e7b406121c19d0b4e75993e11ee8e2bddbacfa7942f639
-
SHA512
424ce957cb7631d632ce5f1cb806f9a67a78f8e43f856b321c1f08270148fc92edf921f59fd58e6c3ee999619fef46c2612e8768ace0dbd422abc804fd15626d
-
SSDEEP
3072:Ws7dFzS0qcFuKAfCw7ntjPGy/gud9T7Pxgvk4C21sr7c85GKdMkvtFx0iuFRQWHK:Ws7dFzS0I9Kej+r69GvXCei7qTTiuaW
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-