General

  • Target

    97a57b6781186991194ff52dd6174320dbd3bc824758a5291773b3cdb7576b5c

  • Size

    113KB

  • Sample

    221206-xzcg9shg5t

  • MD5

    ccaacce738da55bef3923652a00e0513

  • SHA1

    ab13b8eec27d0d5112575b9308e247e2f80d6efa

  • SHA256

    97a57b6781186991194ff52dd6174320dbd3bc824758a5291773b3cdb7576b5c

  • SHA512

    a5b4fe0a5f25dcb4eec42c59b9f1e8f9043cef4603b70489e88b362700ae2e3e5bc6e2068469bdc2e1b92f019acf58338327348d0b2997e656e13b2517e6bbc9

  • SSDEEP

    3072:hdypzwl22/lU8QKTvOucjZukl8R5wNdcG48ES:hdypklzi8QoOz4XIh4I

Malware Config

Targets

    • Modifies firewall policy service

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Loads dropped DLL

    • Adds Run key to start application

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
