General

  • Target

    29b8362241e3914bf9b9923f12a07f7a024bc6d9d390c8262197984f796f8e02

  • Size

    839KB

  • Sample

    221204-qw8b7sdd23

  • MD5

    3736c418a5a3c2d9deba7766881c17f9

  • SHA1

    5c5ecf31c34d36b819fc1083d2070cd09d1970ae

  • SHA256

    29b8362241e3914bf9b9923f12a07f7a024bc6d9d390c8262197984f796f8e02

  • SHA512

    3279e4a01e08ddfefbade6e2920a48af3b2e146c824ce8142c1ae2a32b629a47d66695dcf89d324b13e2d71ab400f72a425f8d6ed587417a4164983d4852eb15

  • SSDEEP

    12288:whkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4a28x7A6:4RmJkcoQricOIQxiZY1ia28x7L

Score
8/10

Targets

    • Adds policy Run key to start application

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext
