General
- Target: 505658da866d352de8778dede2b413f90232f03a8a28021d7e92d316d6709539
- Size: 1.2MB
- Sample: 221128-bpad9sdb92
- MD5: 8f15bfb3722b7b5c2af0a3af4aea2e59
- SHA1: b7b1c094d883c219c7f872b9d18bd765bce8a5f5
- SHA256: 505658da866d352de8778dede2b413f90232f03a8a28021d7e92d316d6709539
- SHA512: 47cf5362e7a48d0871f628b3a1913a8b081d2e366323e196860a1249c9b5408178a175e4acfac42a6e4f2d617b405501d6ff036acea558f75184fccecb0131f6
- SSDEEP: 12288:92vL7kVDlyOjZ87Bvr7wn8/GtFgd6/L5G8Qx9CPW0CjTTrm+pLFONMIRkxkfkkUN:UfSh94z+tCdSV3fW0CjT3m+pApl08M3
Static task: static1
Behavioral task: behavioral1
- Sample: 505658da866d352de8778dede2b413f90232f03a8a28021d7e92d316d6709539.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 505658da866d352de8778dede2b413f90232f03a8a28021d7e92d316d6709539.exe
- Resource: win10v2004-20221111-en
Malware Config
Targets
- Target: 505658da866d352de8778dede2b413f90232f03a8a28021d7e92d316d6709539
- Size: 1.2MB
- MD5: 8f15bfb3722b7b5c2af0a3af4aea2e59
- SHA1: b7b1c094d883c219c7f872b9d18bd765bce8a5f5
- SHA256: 505658da866d352de8778dede2b413f90232f03a8a28021d7e92d316d6709539
- SHA512: 47cf5362e7a48d0871f628b3a1913a8b081d2e366323e196860a1249c9b5408178a175e4acfac42a6e4f2d617b405501d6ff036acea558f75184fccecb0131f6
- SSDEEP: 12288:92vL7kVDlyOjZ87Bvr7wn8/GtFgd6/L5G8Qx9CPW0CjTTrm+pLFONMIRkxkfkkUN:UfSh94z+tCdSV3fW0CjT3m+pApl08M3
- Score: 9/10
- NirSoft MailPassView: Password recovery tool for various email clients
- Nirsoft
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext