General

  • Target: DRDO-K4-Missile-Clean-room.zip
  • Size: 69KB
  • Sample: 230310-n7f1zsfc4v
  • MD5: 0725318b4f5c312eeaf5ec9795a7e919
  • SHA1: 9902348fc5dffe10a94a3f4be219dc42330ed480
  • SHA256: 9aed0c5a047959ef38ec0555ccb647688c67557a6f8f60f691ab0ec096833cce
  • SHA512: f6fcdc223f464a6c1ba752a1fa03e1e9f283def2f7538aec3407685952989146fbd553fdf910eaaa209056e57211bff605bdd8aa032e05f1f40bfda5d1fadc46
  • SSDEEP: 768:fVMoLgrq4x0g0Fls5a2zEVS5KhP0MZiTdAE+F7UtlQy0jqX4zUx7FvG8HQF4Uoi6:tvLgrq4xqq8NS5KXA+pH0OUtF7Qyi0au

Score
10/10

Malware Config

Extracted

  • Language: hta
  • Source: hta.dropper
  • URLs: https://cornerstonebeverly.org/js/files/docufentososo/doecumentosoneso

Targets

    • Target: DRDO-K4-Missile-Clean-room/DRDO - K4 Missile Clean room.pptx.lnk
    • Size: 70KB
    • MD5: ab11b91f97d7672da1c5b42c9ecc6d2e
    • SHA1: feeadc91373732d65883c8351a6454a77a063ff5
    • SHA256: a2e55cbd385971904abf619404be7ee8078ce9e3e46226d4d86d96ff31f6bb9a
    • SHA512: d788a83a323d04b9c43328d36adcc2ffc3b7fd52e1bdec3f7bbd7c9c14bb66d75003ea8df5a9ba60b798f5aacbfb684a4955c0b806347b1809f7290e75b826d9
    • SSDEEP: 1536:ENN7MHOvYUpOQH8a8U2OPzCSyfU4YoBJrOZwHPnlThtIApDkU:hHOvY548a8Uxm5sx4JrOZIPlTHL

    Score
    10/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks