Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

60f7780b2b...05.exe

windows7-x64

10

60f7780b2b...05.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    60f7780b2b9cd891706d55bf191035695c57b24c143b907d2d9b1d0c14ea7e05

  • Size

    147KB

  • Sample

    221128-bfbwqsgh2s

  • MD5

    fb8f0df340477e8ab4707c835de9afc0

  • SHA1

    8eef61dde9a91ebf76e458ce4963fd95aaeaab5e

  • SHA256

    60f7780b2b9cd891706d55bf191035695c57b24c143b907d2d9b1d0c14ea7e05

  • SHA512

    cf4142f03c2b854975a48373377e0f2f11298fa31bc500281dd5a7ee3bb9dff1a93dc344c0634015e25d294faf29eb400f8d6c626483794d1491c51c8b3cf313

  • SSDEEP

    3072:toUxlFYpz7gEHwIJTJ4bPTni2b4HuwIAhhJHydDM1+KNweG/5m1NEQXVTPrYskJD:mUxlFYpz7HHwI1J4bPTni2b4HuwIAhhW

Score
10/10
evasionpersistence

Malware Config

Targets

    • Target

      60f7780b2b9cd891706d55bf191035695c57b24c143b907d2d9b1d0c14ea7e05

    • Size

      147KB

    • MD5

      fb8f0df340477e8ab4707c835de9afc0

    • SHA1

      8eef61dde9a91ebf76e458ce4963fd95aaeaab5e

    • SHA256

      60f7780b2b9cd891706d55bf191035695c57b24c143b907d2d9b1d0c14ea7e05

    • SHA512

      cf4142f03c2b854975a48373377e0f2f11298fa31bc500281dd5a7ee3bb9dff1a93dc344c0634015e25d294faf29eb400f8d6c626483794d1491c51c8b3cf313

    • SSDEEP

      3072:toUxlFYpz7gEHwIJTJ4bPTni2b4HuwIAhhJHydDM1+KNweG/5m1NEQXVTPrYskJD:mUxlFYpz7HHwI1J4bPTni2b4HuwIAhhW

    Score
    10/10
    evasionpersistence

    • Modifies WinLogon for persistence

      persistence

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Executes dropped EXE

    • Sets file execution options in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks