General

  • Target

    900ffca233b325920f0e76a8b7ae74d37a434ab315088a5d763b66bec2abc77f

  • Size

    2.2MB

  • Sample

    221205-pvs1fsec9w

  • MD5

    44e75fcf7bffbb2d15574bd78abb663b

  • SHA1

    43be4f349f05f5ba056961ee8bdc9e4e8c443a10

  • SHA256

    900ffca233b325920f0e76a8b7ae74d37a434ab315088a5d763b66bec2abc77f

  • SHA512

    c6aaaec41b7b84586a43a2fde49641de06aafa1d1d5d0f1000dcc69b518e7a2920165c708da3048abd889513ff8c23c187bfd9cf5d12ae4a98932333be43a961

  • SSDEEP

    49152:Tb+qOGFGc/y+BMsAuII26f0EQh6fVnOTk3DSpX4R9DKp52:Tb2ou+mZpI268EQsx3D2XNpw

Malware Config

Extracted

  • Language

    hta

  • Source

    hta.dropper

  • URLs

    http://softscoreinc.com/soft-usage/favicon.ico?0=1200&1=VUIIVLGQ&2=i-s&3=135&4=7601&5=6&6=1&7=99600&8=1033

Extracted

  • Language

    hta

  • Source

    hta.dropper

  • URLs

    http://softscoreinc.com/soft-usage/favicon.ico?0=1200&1=SOCAAGDT&2=i-s&3=135&4=9200&5=6&6=2&7=919041&8=1033
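The two check-in URLs differ only in the bot id, the OS fields and one counter, which makes them usable both as a fingerprint of the victim and as a detection for the beacon shape. The decoder and log matcher below are an added example, not tria.ge code: the field names are an inference from the values (7601 and 9200 are Windows build numbers, 6.1 and 6.2 are NT major.minor versions, 1033 is the en-US LCID); keys whose meaning cannot be read off two samples are left as unknown, and the proxy log lines are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Positional query keys as used by the extracted URLs. The names are an
# assumption (the report does not document them); "unknown_N" marks keys
# whose meaning cannot be inferred from two samples.
FIELD_NAMES = {
    "0": "unknown_0", "1": "bot_id", "2": "unknown_2", "3": "unknown_3",
    "4": "os_build", "5": "os_major", "6": "os_minor",
    "7": "unknown_7", "8": "lcid",
}

# Build numbers seen in the two check-ins. 9200 is Windows 8 / Server 2012,
# but GetVersionEx also returns 6.2 build 9200 to a process without a
# compatibility manifest on Windows 8.1/10, so it does not prove which OS ran.
BUILD_NAMES = {
    7601: "Windows 7 SP1 / Server 2008 R2",
    9200: "Windows 8 / Server 2012 (or unmanifested process on 8.1/10)",
}
LCID_NAMES = {1033: "en-US"}


def decode_beacon(url: str) -> dict:
    """Map the positional query keys of one check-in URL to named fields."""
    parts = urlsplit(url)
    qs = parse_qs(parts.query, keep_blank_values=True)
    fields = {FIELD_NAMES.get(k, f"key_{k}"): v[0] for k, v in qs.items()}
    build = int(fields.get("os_build", 0))
    fields["os_version"] = f'{fields.get("os_major")}.{fields.get("os_minor")} build {build}'
    fields["os_guess"] = BUILD_NAMES.get(build, "unknown build")
    fields["locale"] = LCID_NAMES.get(int(fields.get("lcid", 0)), "unknown LCID")
    fields["host"] = parts.hostname
    return fields


# Shape of the beacon independent of the host: favicon.ico carrying nine
# positional keys, an 8-letter upper-case bot id and numeric OS fields.
BEACON_RE = re.compile(
    r"favicon\.ico\?0=\d+&1=[A-Z]{8}&2=[^&\s]+&3=\d+&4=\d+&5=\d+&6=\d+&7=\d+&8=\d+"
)


def is_beacon(url: str) -> bool:
    """True when the URL's query string has the hta.dropper check-in shape."""
    return BEACON_RE.search(url) is not None


def find_beacons(log_lines):
    """Return (client, url) for every 'timestamp client url' log line that matches."""
    hits = []
    for line in log_lines:
        cols = line.split()
        if len(cols) < 3:
            continue
        if is_beacon(cols[2]):
            hits.append((cols[1], cols[2]))
    return hits


# Constructed proxy log lines (timestamp, client, URL); not taken from the report.
# The third line uses a different host to show the match keys on query shape.
SAMPLE_LOG = [
    "2022-12-05T14:01:02Z 10.0.0.15 http://softscoreinc.com/soft-usage/favicon.ico?0=1200&1=VUIIVLGQ&2=i-s&3=135&4=7601&5=6&6=1&7=99600&8=1033",
    "2022-12-05T14:01:09Z 10.0.0.15 http://softscoreinc.com/favicon.ico",
    "2022-12-05T14:03:40Z 10.0.0.22 http://cdn.example.invalid/x/favicon.ico?0=1200&1=SOCAAGDT&2=i-s&3=135&4=9200&5=6&6=2&7=919041&8=1033",
]

if __name__ == "__main__":
    for client, url in find_beacons(SAMPLE_LOG):
        d = decode_beacon(url)
        print(client, d["host"], d["bot_id"], d["os_version"], d["os_guess"], d["locale"])
```

Matching on the query shape rather than on softscoreinc.com keeps the rule useful after the dropper moves hosts; the domain itself still belongs on a blocklist.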

Targets

    • Target

      900ffca233b325920f0e76a8b7ae74d37a434ab315088a5d763b66bec2abc77f

    • Size

      2.2MB

    • MD5

      44e75fcf7bffbb2d15574bd78abb663b

    • SHA1

      43be4f349f05f5ba056961ee8bdc9e4e8c443a10

    • SHA256

      900ffca233b325920f0e76a8b7ae74d37a434ab315088a5d763b66bec2abc77f

    • SHA512

      c6aaaec41b7b84586a43a2fde49641de06aafa1d1d5d0f1000dcc69b518e7a2920165c708da3048abd889513ff8c23c187bfd9cf5d12ae4a98932333be43a961

    • SSDEEP

      49152:Tb+qOGFGc/y+BMsAuII26f0EQh6fVnOTk3DSpX4R9DKp52:Tb2ou+mZpI268EQsx3D2XNpw

    • Modifies WinLogon for persistence

    • UAC bypass

    • Executes dropped EXE

    • Sets file execution options in registry

    • Stops running service(s)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Checks whether UAC is enabled
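Three of the signatures above (Winlogon modification, image file execution options, the UAC check) map to well-known registry locations that a responder can verify on a suspect host. The triage script below is an added example and not tria.ge's own signature logic: it assumes the standard locations those signature names refer to (Winlogon Userinit and Shell, per-image Debugger values under Image File Execution Options, EnableLUA under the System policy key) and stock default values; the report does not say which concrete values this sample wrote, and the tampered registry snapshot in the block is constructed for the example.

```python
import sys

WINLOGON = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
IFEO = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
UAC_POLICY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# Stock values on an unmodified install (assumption used as the baseline).
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe,"
DEFAULT_SHELL = "explorer.exe"


def evaluate_indicators(reg):
    """reg maps r'<key>\<value name>' to its data (str, or int for DWORDs).

    Returns report-style findings for the Winlogon, IFEO and UAC signatures.
    Missing values are treated as their stock defaults."""
    findings = []
    userinit = str(reg.get(WINLOGON + r"\Userinit", DEFAULT_USERINIT)).strip().lower()
    shell = str(reg.get(WINLOGON + r"\Shell", DEFAULT_SHELL)).strip().lower()
    if userinit != DEFAULT_USERINIT or shell != DEFAULT_SHELL:
        findings.append(f"Modifies WinLogon for persistence: Userinit={userinit!r} Shell={shell!r}")
    # Any Debugger value under an IFEO subkey redirects that image to another binary.
    for path, data in reg.items():
        parts = path.split("\\")
        if path.lower().startswith(IFEO.lower()) and parts[-1].lower() == "debugger":
            findings.append(f"Sets file execution options in registry: {parts[-2]} -> {data}")
    if int(reg.get(UAC_POLICY + r"\EnableLUA", 1)) == 0:
        findings.append("UAC is disabled (EnableLUA=0)")
    return findings


def collect_live():
    """Read the same values from the local registry (Windows only)."""
    import winreg  # not available off Windows; guarded by the caller

    reg = {}

    def read(key, name, prefix):
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as k:
                reg[prefix + "\\" + name] = winreg.QueryValueEx(k, name)[0]
        except OSError:
            pass  # value absent: evaluate_indicators falls back to the default

    read(WINLOGON[len("HKLM\\"):], "Userinit", WINLOGON)
    read(WINLOGON[len("HKLM\\"):], "Shell", WINLOGON)
    read(UAC_POLICY[len("HKLM\\"):], "EnableLUA", UAC_POLICY)
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, IFEO[len("HKLM\\"):]) as k:
            i = 0
            while True:
                sub = winreg.EnumKey(k, i)
                read(IFEO[len("HKLM\\"):] + "\\" + sub, "Debugger", IFEO + "\\" + sub)
                i += 1
    except OSError:
        pass  # EnumKey raises when the subkeys are exhausted
    return reg


# Constructed snapshot of a tampered host; these are NOT values observed in
# the report, only the kinds of change its signature names describe.
SAMPLE_REG = {
    WINLOGON + r"\Userinit": r"C:\Windows\system32\userinit.exe,C:\ProgramData\svc\update.exe",
    WINLOGON + r"\Shell": "explorer.exe",
    IFEO + r"\taskmgr.exe\Debugger": r"C:\ProgramData\svc\update.exe",
    UAC_POLICY + r"\EnableLUA": 0,
}

if __name__ == "__main__":
    snapshot = collect_live() if sys.platform == "win32" else SAMPLE_REG
    for finding in evaluate_indicators(snapshot):
        print(finding)
```

Run it on the host itself with an elevated prompt to read HKLM, or feed it a dictionary exported from an offline SOFTWARE hive; the evaluation logic is the same either way.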

MITRE ATT&CK Enterprise v6

Tasks