General

  • Target: 4cc8eafc48b7a4f3752e1181159ffbb25eeac29105611c0cad31ce845e47ac9b
  • Size: 144KB
  • Sample: 221201-3epjzsfa3z
  • MD5: e51c9656caaa74ae856dd67c5e4bbaf0
  • SHA1: 8aac8ca17dbc5864f14422771f6781ca6bcc2444
  • SHA256: 4cc8eafc48b7a4f3752e1181159ffbb25eeac29105611c0cad31ce845e47ac9b
  • SHA512: 7002f55065bba31088caac4f14dc0af065674c29e8fcbe48b05b97e55af3f62723b58c47620471f4c3d484efcce4eadc453b2d126e75b0852ddfc8c98c5d7643
  • SSDEEP: 3072:T4Dq0BO5VIdhvoiOhkidHTBzSP052WKKM4XR14dv:69vhOhjdzBGPeHKIrY

Score: 10/10

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext
