General
- Target: 4bff4b7f8db1497c00f3a666cfcbec6b1bad407a1d5f7ad6909e115c3f98ba55
- Size: 36KB
- Sample: 230131-mjzyhshf91
- MD5: 8caef659f0fa8d49e5aa0ea150eab854
- SHA1: ebe572772ab1e27947d7caab13cfa1a7081060f4
- SHA256: 81b89d3ea9e0dbf57f738ffc85137f1d528f384671e50b68b1ba7ac2fbc58de9
- SHA512: 81dd3782e34851e1969ed3ada6f765e5adbe556539b9d369a0c2fd710b587bb577120d2d1e83a78c594d2d17aba2e75e3430225671f311d9526ba1a8f7985d0a
- SSDEEP: 768:hj1ZuARyurI+x/3zfy0hiOU1fD20XTpN+eTkyk2UaVEkG:hjrRIUjfJW1L2qT+kkozG
Static task: static1
Behavioral task: behavioral1
- Sample: 4bff4b7f8db1497c00f3a666cfcbec6b1bad407a1d5f7ad6909e115c3f98ba55.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 4bff4b7f8db1497c00f3a666cfcbec6b1bad407a1d5f7ad6909e115c3f98ba55.exe
- Resource: win10v2004-20221111-en
Malware Config
Targets
- Target: 4bff4b7f8db1497c00f3a666cfcbec6b1bad407a1d5f7ad6909e115c3f98ba55
- Size: 72KB
- MD5: 9905fbc44d31dcac233e5c6bebc27035
- SHA1: 824c546905f046702eeeb9405c4b4d7cb03eb8ec
- SHA256: 4bff4b7f8db1497c00f3a666cfcbec6b1bad407a1d5f7ad6909e115c3f98ba55
- SHA512: 3755f29c31aacdc216af3516b17cd9bf91d1d3b38d7913b3107535999c5a182a84ab357fb35fa4d75f7f2d22ecf7820d1a9ae19774d2fde829bb9af726fbd9de
- SSDEEP: 1536:3vAkGoo+bH/J027ZKxyafwhHCC/mq1ktG:3vuWbaRgaYtX1ktG
Score: 10/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext