Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

9142b9cc80...11.exe

windows7-x64

10

9142b9cc80...11.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9142b9cc800d3d5a94ba8b59bb5caa463410e743a785dd0f5500963c5c6b6a11

  • Size

    266KB

  • Sample

    221204-c3tkqshh92

  • MD5

    169c5615cb09d02ec29f73523e394dc3

  • SHA1

    93a4d896739e4d25a907e1010fed5268e3e82e83

  • SHA256

    9142b9cc800d3d5a94ba8b59bb5caa463410e743a785dd0f5500963c5c6b6a11

  • SHA512

    63462098b1d44ba14fdcc77f4877a05086f8725bb6085f6dfa34e5fb58274a1e0d129b492dade68cb84d53e35a770e3d1b8bfd6df7016fb6b72b9b34113db038

  • SSDEEP

    3072:YBDCXP4TbtaH4sBxXsot/taH4sBxXsotr:y28sYs5FsYs51

Score
10/10
persistence

Malware Config

Targets

    • Target

      9142b9cc800d3d5a94ba8b59bb5caa463410e743a785dd0f5500963c5c6b6a11

    • Size

      266KB

    • MD5

      169c5615cb09d02ec29f73523e394dc3

    • SHA1

      93a4d896739e4d25a907e1010fed5268e3e82e83

    • SHA256

      9142b9cc800d3d5a94ba8b59bb5caa463410e743a785dd0f5500963c5c6b6a11

    • SHA512

      63462098b1d44ba14fdcc77f4877a05086f8725bb6085f6dfa34e5fb58274a1e0d129b492dade68cb84d53e35a770e3d1b8bfd6df7016fb6b72b9b34113db038

    • SSDEEP

      3072:YBDCXP4TbtaH4sBxXsot/taH4sBxXsotr:y28sYs5FsYs51

    Score
    10/10
    persistence

    • Modifies WinLogon for persistence

      persistence

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks