General
Target: e4a5383ac32d5642eaf2c7406a0f1c0f.msi
Size: 4.2MB
Sample: 230302-pq936sch69
MD5: e4a5383ac32d5642eaf2c7406a0f1c0f
SHA1: 3e5637d253c40aefdb0465df15bc057ed5c26186
SHA256: d99b63e1740aa4f779b91d22f508a4792f237f09413d24b51144e0694af5d34f
SHA512: ed7ae40e2475ca2bdeefbfb3f15df6e93c8c7d7781b31c2b0c5cab99ff8fec0487f7975b406eebb8117aca2038a11a658d129c32d4147275fd7770c1bfa28da8
SSDEEP: 98304:lPKnw39kiUnMUYeg8F1HWMUKFln1RiZmSZ9J1zYfWwG:4wNJUnMUYetUKFZnpSf1w
Static task: static1
Behavioral task: behavioral1
Sample: e4a5383ac32d5642eaf2c7406a0f1c0f.msi
Resource: win7-20230220-en
Malware Config
Extracted
bumblebee
Extracted
bumblebee
cisc117
Targets
Target: e4a5383ac32d5642eaf2c7406a0f1c0f.msi
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
Suspicious use of NtCreateThreadExHideFromDebugger