
General

  • Target

    c77284987a90f51382df387f35b0780ff16b7e71230926a91caea9b5e955f539

  • Size

    92KB

  • Sample

    221203-xvcbpsgc57

  • MD5

    33e3bbcf9b34c8cecb5279eec1d644e0

  • SHA1

    db62be5aeaf66691da1627a419d935ab58c67940

  • SHA256

    c77284987a90f51382df387f35b0780ff16b7e71230926a91caea9b5e955f539

  • SHA512

    eb1faf6aca854b8747e433fe756a1d0aef1a66e2d6a1a18ab8ee5da68fc30556087a065cf732120d09a03dba2fb9bec24c95215115592cb93eee336861801b1b

  • SSDEEP

    1536:3YSSR+XyVoizrqkhSJ7p7bi/KveY4x5EPQJUnRSuvy0ORU5kgB:pSVaQrqkI97biTxSPMUnRt67Ckc

Score
10/10

Malware Config

Targets

    • Target

      c77284987a90f51382df387f35b0780ff16b7e71230926a91caea9b5e955f539

    • Size

      92KB

    • MD5

      33e3bbcf9b34c8cecb5279eec1d644e0

    • SHA1

      db62be5aeaf66691da1627a419d935ab58c67940

    • SHA256

      c77284987a90f51382df387f35b0780ff16b7e71230926a91caea9b5e955f539

    • SHA512

      eb1faf6aca854b8747e433fe756a1d0aef1a66e2d6a1a18ab8ee5da68fc30556087a065cf732120d09a03dba2fb9bec24c95215115592cb93eee336861801b1b

    • SSDEEP

      1536:3YSSR+XyVoizrqkhSJ7p7bi/KveY4x5EPQJUnRSuvy0ORU5kgB:pSVaQrqkI97biTxSPMUnRt67Ckc

    Score
    10/10

    • Modifies visibility of hidden/system files in Explorer

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks