
General

  • Target: 9baca7933db08f27c8b3e6ec969884e39ee6a4089fd7d076d21873d85b7f45a1
  • Size: 126KB
  • Sample: 221202-vwpx3sgf44
  • MD5: 37be0b5b163757e1517fecbcd24d0af0
  • SHA1: 4d58598d00ff171ac80b0c2477de4ae53d32c771
  • SHA256: 9baca7933db08f27c8b3e6ec969884e39ee6a4089fd7d076d21873d85b7f45a1
  • SHA512: e7ab2a6a94ab0cbe53ecddce8b0b6a7902300f9d52ac97baaa4167f3db88ca32f5539e735f9bcaaa26e387ed4af0233fc98beedf05323170e38fe17e383f495d
  • SSDEEP: 3072:v2qbolasngpgJqP+nkkwY9+te32T4ghw+uSs0xS6YMS:OdT5JUawm+tnK+uSsF62

Score
10/10

Malware Config

Targets

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks