General
Target: ff84eb53e135cfab83b5ed2354f30f26b7d8f31c3160d7e01b7bb3050820d109
Size: 656KB
Sample: 221205-kfr3dsga5s
MD5: 2af9f1c1d68514c377a324c19861bcc8
SHA1: 225741ab919153238a03a6b4daa42fe29709b6b5
SHA256: ff84eb53e135cfab83b5ed2354f30f26b7d8f31c3160d7e01b7bb3050820d109
SHA512: 28b0a0ec3dac69a5c87180b169d2f5109d9ea6c4c80158158e7e841f85c61254e0da90f132e38b54771eb0ce6cf24b51daeb5622a55f702835ec757067edb0df
SSDEEP: 6144:NUEjebs98Z4NBBGDWMKvS8GYFBSAjT1TkmltGGGhC2:uPQ6QvS8TKyr
Static task: static1
Behavioral task: behavioral1
Sample: ff84eb53e135cfab83b5ed2354f30f26b7d8f31c3160d7e01b7bb3050820d109.exe
Resource: win7-20220901-en
Malware Config
Extracted: pony
http://204.188.238.141/~paulcomp/js/paul2.php
Targets
Target: ff84eb53e135cfab83b5ed2354f30f26b7d8f31c3160d7e01b7bb3050820d109
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext