Resubmissions

20/12/2022, 18:17

221220-ww6fhadf6x 8

20/12/2022, 14:06

221220-reqaqsch9y 8

General

  • Target

    ke.msi

  • Size

    36KB

  • Sample

    221220-ww6fhadf6x

  • MD5

    c0de445dfe49d2932cc7a55e81b06a38

  • SHA1

    96738932eceae5ca5196401c059532024fce9d56

  • SHA256

    0d604def7d8c28469c49fa5d12a8deddb56ebbdf03fb4de5b31484b6a4ace3a0

  • SHA512

    5ad5bf1ce13b6e8f9972d8801a084ad490efda8580d9b103640edbe34cf166d7ffab294f2c38e91340c30235b84e076490a01379873a3b41601e67e395ff28ba

  • SSDEEP

    384:0mcA5s8B88y+J4Hby3M5koXbGWv3m8V4x5Pey3M5sC0Loj8H:ro+uWMxGIweWMmC

Score
8/10

Targets

    • Target

      ke.msi

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
