General
- Target: 89a1bd1357e819ccd551b4ccd0b68e0ddb305148b57a2f2de9bd4d7529638268
- Size: 588KB
- Sample: 221127-szyy2scf2s
- MD5: 55062296cd82f3b8b5805a06dcb32cf6
- SHA1: 7c1614ca008dd7f04e6f93ef0daf1379f424af98
- SHA256: 89a1bd1357e819ccd551b4ccd0b68e0ddb305148b57a2f2de9bd4d7529638268
- SHA512: 77829cc9ebe22e91cbba845d57e6c66e0f1cfad2840593a14f09bb4e649fefa7faad07053e264a2e74645d5a929449072e7dc01de9daaaa3b91c19455577b26a
- SSDEEP: 12288:WpR3kwv7SDitmQJLzpiCdcoW50pvYH9HKQ2TTqwmUyL8DSXzNOY4sxN514:JDktiGWmRYhKbTTLUjfr4
Static task: static1
Behavioral task: behavioral1
- Sample: 89a1bd1357e819ccd551b4ccd0b68e0ddb305148b57a2f2de9bd4d7529638268.exe
- Resource: win7-20220812-en
Malware Config
Targets
- Target: 89a1bd1357e819ccd551b4ccd0b68e0ddb305148b57a2f2de9bd4d7529638268
- Size: 588KB
- MD5: 55062296cd82f3b8b5805a06dcb32cf6
- SHA1: 7c1614ca008dd7f04e6f93ef0daf1379f424af98
- SHA256: 89a1bd1357e819ccd551b4ccd0b68e0ddb305148b57a2f2de9bd4d7529638268
- SHA512: 77829cc9ebe22e91cbba845d57e6c66e0f1cfad2840593a14f09bb4e649fefa7faad07053e264a2e74645d5a929449072e7dc01de9daaaa3b91c19455577b26a
- SSDEEP: 12288:WpR3kwv7SDitmQJLzpiCdcoW50pvYH9HKQ2TTqwmUyL8DSXzNOY4sxN514:JDktiGWmRYhKbTTLUjfr4
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext