Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

cfc7bc2f27...8b.exe

windows7-x64

8

cfc7bc2f27...8b.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cfc7bc2f271ce50317fe51b708f22005856721c851da2e136802019023690f8b

  • Size

    107KB

  • Sample

    221203-zcme3ada45

  • MD5

    d642e90abc8d83d2b82b641e7e527a41

  • SHA1

    fc818c4df7054bc6e2cf8f07c9172e2eed12ccc0

  • SHA256

    cfc7bc2f271ce50317fe51b708f22005856721c851da2e136802019023690f8b

  • SHA512

    ae6b868f7bb35fbc754e2ae62611da8f621ea5ae02132aa7615328ad69facb7610360dbedf50c185273aec85511c5d025e549eabf028763f5a9e08d3d4d2f620

  • SSDEEP

    3072:TJa0471ysAjoAFl2bSUvOLw7GKDjxf4HRdoyOoutj0TLThL:danUnFl2bSULaKDjKHRqHoS

Score
8/10
persistenceupx

Malware Config

Targets

    • Target

      cfc7bc2f271ce50317fe51b708f22005856721c851da2e136802019023690f8b

    • Size

      107KB

    • MD5

      d642e90abc8d83d2b82b641e7e527a41

    • SHA1

      fc818c4df7054bc6e2cf8f07c9172e2eed12ccc0

    • SHA256

      cfc7bc2f271ce50317fe51b708f22005856721c851da2e136802019023690f8b

    • SHA512

      ae6b868f7bb35fbc754e2ae62611da8f621ea5ae02132aa7615328ad69facb7610360dbedf50c185273aec85511c5d025e549eabf028763f5a9e08d3d4d2f620

    • SSDEEP

      3072:TJa0471ysAjoAFl2bSUvOLw7GKDjxf4HRdoyOoutj0TLThL:danUnFl2bSULaKDjKHRqHoS

    Score
    8/10
    persistenceupx

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks