General
- Target: a2e42261bdbe2e301195a6d11ec8df3b1f7a8567d5a8b7e31c2852b6655f2b02
- Size: 820KB
- Sample: 221205-mezf7aae74
- MD5: 4408d904c304c3becc5b3f28b9fd2b62
- SHA1: 741db1ee6c9dd4daa862c531d4194b2745aa2789
- SHA256: a2e42261bdbe2e301195a6d11ec8df3b1f7a8567d5a8b7e31c2852b6655f2b02
- SHA512: ac8b1be8f655a8e9e1084c63b6677de0b21d515fb07d8e09e43f8f4135532561adf703e71348ff6375eb68697170c6044c7a59fb8227bb9b1dababba6db9fa32
- SSDEEP: 12288:xMrCcQ74kKTUtCkUAlnw8Do0WtJKQV5hcJzkOjsJ7KYk62c5iCCMDGBpU2Uq:684kbUAlnw8DoD2Q7LmT6LiCnGBpkq
Static task: static1
Behavioral task: behavioral1
  Sample: a2e42261bdbe2e301195a6d11ec8df3b1f7a8567d5a8b7e31c2852b6655f2b02.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: a2e42261bdbe2e301195a6d11ec8df3b1f7a8567d5a8b7e31c2852b6655f2b02.exe
  Resource: win10v2004-20221111-en
Malware Config
Targets
- Target: a2e42261bdbe2e301195a6d11ec8df3b1f7a8567d5a8b7e31c2852b6655f2b02
Score: 10/10
- Modifies WinLogon for persistence
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext