General

  • Target

    4c4c5c5e1fd71b82b2f2cd497c4241b2b776635de4d899c281f3cb8157e109ec

  • Size

    846KB

  • Sample

    221129-k778pahf7t

  • MD5

    6edcedb37a7430c85e0899fe50da8d40

  • SHA1

    dcf0296a6106294af96e5f914c173aa664d0fb96

  • SHA256

    4c4c5c5e1fd71b82b2f2cd497c4241b2b776635de4d899c281f3cb8157e109ec

  • SHA512

    b68c0531ac3cdb9bedafe235ff0fde2f14080a6d1038749fa4a75bf512e40fe016f5589f7bec751588f1d5616f1f2600ccc362a53aadf6d4f217cc928ca5f3c7

  • SSDEEP

    6144:jPavkfCnpdseVsDL5jxgcYORITHGi2oBsj:jPaxpyeVsf5SczOp2oB2

Score
8/10

Malware Config

Targets

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks