Resubmissions

30/11/2022, 23:19

221130-3a6ygahc3x 10

30/11/2022, 23:08

221130-24zktage6s 7

General

  • Target

    83939663-3b6c-beec-f375-09e921b96ec1.eml

  • Size

    642KB

  • Sample

    221130-24zktage6s

  • MD5

    e3868602935b48670ba95b65652b6bde

  • SHA1

    8f77a53b5f0d1c28d2c4e1d759cefff99abe18f8

  • SHA256

    e5f3503e7e13fbd6944429f7cdc31515a464a0852400d244d385753fffcb74b0

  • SHA512

    5799511c552d196e42f2680ebcba83c0ce24b5c04a0b0f4de04624a16ed4bcb264d8229046ed624289f9726d57eee0039eeec52f76357171ff671681b81828a0

  • SSDEEP

    12288:hAdLetT489/UbVnJb4XgC5J3d1dZ+gIbzePCSx:K6xeEwed1dZ+gGePl

Score
7/10

Targets

    • Target

      Comprobante de pago.vbs

    • Size

      458KB

    • MD5

      b850dc23232f57ca017501c3466e2dae

    • SHA1

      32955a66920f793b29b9c759e94b937444fc9e67

    • SHA256

      2474c4600024152198c6343099f27f6738c91331f20845fa098437ccc292c774

    • SHA512

      d1a9705b750b84579e41047776cb09622464e1a55c990ac1fb4167b52d58304d29884e6b381ba486f4ff6d9590bda55b2d71cca612ae4b0031622cd9b6091e94

    • SSDEEP

      6144:vABlsHrxVHvRQn/pdizJ2lqNgNr8PKIfg2LY40gPbN8oKsCFIl/:qlsHrzHv2n/i8o0r8Pzg2H0mKsbt

    Score
    7/10
    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
