General

  • Target: 4bff4b7f8db1497c00f3a666cfcbec6b1bad407a1d5f7ad6909e115c3f98ba55
  • Size: 36KB
  • Sample: 230131-mjzyhshf91
  • MD5: 8caef659f0fa8d49e5aa0ea150eab854
  • SHA1: ebe572772ab1e27947d7caab13cfa1a7081060f4
  • SHA256: 81b89d3ea9e0dbf57f738ffc85137f1d528f384671e50b68b1ba7ac2fbc58de9
  • SHA512: 81dd3782e34851e1969ed3ada6f765e5adbe556539b9d369a0c2fd710b587bb577120d2d1e83a78c594d2d17aba2e75e3430225671f311d9526ba1a8f7985d0a
  • SSDEEP: 768:hj1ZuARyurI+x/3zfy0hiOU1fD20XTpN+eTkyk2UaVEkG:hjrRIUjfJW1L2qT+kkozG

Score: 10/10

Malware Config

Targets

    • Target: 4bff4b7f8db1497c00f3a666cfcbec6b1bad407a1d5f7ad6909e115c3f98ba55
    • Size: 72KB
    • MD5: 9905fbc44d31dcac233e5c6bebc27035
    • SHA1: 824c546905f046702eeeb9405c4b4d7cb03eb8ec
    • SHA256: 4bff4b7f8db1497c00f3a666cfcbec6b1bad407a1d5f7ad6909e115c3f98ba55
    • SHA512: 3755f29c31aacdc216af3516b17cd9bf91d1d3b38d7913b3107535999c5a182a84ab357fb35fa4d75f7f2d22ecf7820d1a9ae19774d2fde829bb9af726fbd9de
    • SSDEEP: 1536:3vAkGoo+bH/J027ZKxyafwhHCC/mq1ktG:3vuWbaRgaYtX1ktG

    Score: 10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks