General
Target: #bbc.png
Size: 267KB
Sample: 230304-vtez4adg8w
MD5: 7b2625e0240840c5936f617a6da00402
SHA1: 015f7dd7f46b6a917a0a2651d8f4987bbc90e590
SHA256: e87a65aa4485734fe43d91edbe58a62b547fd0a68bbc70569b15f81b3e7c87ea
SHA512: 26064b4cd5a603054d4545061ba532d903ba03ec13bd143b6809339ad47cf5d2a0aa310017be0eaff113be9cec7ca1d74ddbd7da4fedcd2f0589c8f37c7350cb
SSDEEP: 6144:AmzA9Lw5XOxpzWTsvPqMKaRbM5IfqEWVDBylmWSVvQ9go:AF6hT8K5ICxV1hI
Static task
static1
Malware Config
Targets
Target: #bbc.png
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext