Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

e38657e1bf...c9.exe

windows7-x64

10

e38657e1bf...c9.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e38657e1bfe08491ddf5acdb9d3bc4e8e4f4f5d724b471ba2794f6425b8c2ec9

  • Size

    240KB

  • Sample

    221205-11s37aeg5x

  • MD5

    b6921d88d598f9b85549858e4a867ef9

  • SHA1

    64d1c68278671301654dbd4825382093736cb666

  • SHA256

    e38657e1bfe08491ddf5acdb9d3bc4e8e4f4f5d724b471ba2794f6425b8c2ec9

  • SHA512

    2185c32cbbc1d3ece6ac4129012595f44fc89464f4e7f5327db2f7d7ab6edeb719d418a23ed7c20a5ac35a42585930f2c2e48cdbda593a638178136e4f027401

  • SSDEEP

    3072:DPzEAPZBtw7SJjBrz/Q5w+tPgZMXC6FylcwBImXRgXfwo:7zzi7SJFzQ53uZOC6Fy+O4

Score
10/10
evasionpersistence

Malware Config

Targets

    • Target

      e38657e1bfe08491ddf5acdb9d3bc4e8e4f4f5d724b471ba2794f6425b8c2ec9

    • Size

      240KB

    • MD5

      b6921d88d598f9b85549858e4a867ef9

    • SHA1

      64d1c68278671301654dbd4825382093736cb666

    • SHA256

      e38657e1bfe08491ddf5acdb9d3bc4e8e4f4f5d724b471ba2794f6425b8c2ec9

    • SHA512

      2185c32cbbc1d3ece6ac4129012595f44fc89464f4e7f5327db2f7d7ab6edeb719d418a23ed7c20a5ac35a42585930f2c2e48cdbda593a638178136e4f027401

    • SSDEEP

      3072:DPzEAPZBtw7SJjBrz/Q5w+tPgZMXC6FylcwBImXRgXfwo:7zzi7SJFzQ53uZOC6Fy+O4

    Score
    10/10
    evasionpersistence

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks