Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009
-
Size
659KB
-
Sample
221129-tgp4vsdd97
-
MD5
25c15339a4bc59109a702aea175a4278
-
SHA1
b7f42b8830b228e3af0210f7fea252430eaaefe3
-
SHA256
aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009
-
SHA512
0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26
-
SSDEEP
12288:h9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKg:XAQ6Zx9cxTmOrucTIEFSpOG1
Behavioral task
behavioral1
Sample
aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009
-
Size
659KB
-
MD5
25c15339a4bc59109a702aea175a4278
-
SHA1
b7f42b8830b228e3af0210f7fea252430eaaefe3
-
SHA256
aa9f58d66f9abf1a8ee8a0cdbf05a88643f725ddea30b52d65a4a70e3f854009
-
SHA512
0a2fe3ae30b2fb1686d09bd0bd3ef0b90ba6292c4aeb83cd3a81a69f8bdaa61a583808d3212b5c5afe8e4a66acb0267ad893514c2b4a2106ac263c1ac9af3e26
-
SSDEEP
12288:h9AFlAd0Z+89cxTGzO4AucTD8QP2lmFSrVs9LqnKg:XAQ6Zx9cxTmOrucTIEFSpOG1
Score10/10-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-