General

  • Target

    708e57865390f24449be8d2c202ffdf9517984bf96a82de7aacf6d5ec6f7adbc.zip

  • Size

    976KB

  • Sample

    230321-qq3vjacf6s

  • MD5

    8be29c96aadf8874054024107c561aca

  • SHA1

    1000cf1ba8745130621d7117c6866a52a6652bf9

  • SHA256

    d3c7bffdf5e8ec66712569899f39526bfa53b85e434c64fb27c4092ca1b072e5

  • SHA512

    f73f4213d24ca0e3ed8d61a85ba84882273846ad31f34edd8777c793b0b336f8d6aca07e88c031b0037e0bb9bf37be7ec13afb4d60ae2fa2dd3747ed6f4db0be

  • SSDEEP

    12288:npgzB3dzDwuMxtvIuU5TbStT5Ij/VwctMUieP2bIrzUdnt5WE0NdTxeuVOIuwBFg:C1dzDwJtUpSl6DVM0GcdTxLOqjkWr0

Score
8/10

Malware Config

Targets

    • Target

      708e57865390f24449be8d2c202ffdf9517984bf96a82de7aacf6d5ec6f7adbc.xls

    • Size

      1.1MB

    • MD5

      0b09e53e2fc33342c42fbc66473df157

    • SHA1

      214ed38e49a874f7b4ac5b5e245ce165eb767f0c

    • SHA256

      708e57865390f24449be8d2c202ffdf9517984bf96a82de7aacf6d5ec6f7adbc

    • SHA512

      ecd2f83aafe9ffc384e1813509a218459f6c5656238f731d5721c9e45758f134b0f6d4ee3053519b54bdc85e486a937aae92fce01ceb7e1774759cfb064828a4

    • SSDEEP

      24576:dLKjWQmmav30xY+MXUu9/41+MXUu9L3bV7+MXUu9s3bVn3+RoyPZNQ:dLKCQmmQ30K+MXV9i+MXV9L3bV7+MXVB

    Score
    8/10

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check before the payload runs.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext
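
The behaviour labels above are the output of sandbox signatures. The block below is an added example, not code from the Triage report or from Hatching: it re-implements the kind of check behind each label and runs it over a constructed event stream that mirrors the sequence the report lists (location lookup, vbc.exe spawn, network fetch of a PE, dropped EXE/DLL use, SetThreadContext on another process). The event shapes, the process blocklist and the assumption that "Downloads MZ/PE file" is decided by a DOS/PE header check are illustration choices; the GeoID registry path is the real Windows key.

```python
"""Added example: minimal behaviour signatures over constructed sandbox events.
Event format, blocklist and matching rules are assumptions for illustration,
not Triage's own implementation."""
import struct

# Windows stores the configured country (GeoID) under this key; a geofenced
# loader reads it to decide whether to detonate. Key path is real Windows.
GEO_KEY = r"HKCU\Control Panel\International\Geo\Nation"

# Assumed blocklist: LOLBins that have no business talking to the network
# when spawned from an Office document.
BLOCKLISTED_NET_PROCS = {"vbc.exe", "wscript.exe", "cscript.exe", "mshta.exe",
                         "regsvr32.exe", "rundll32.exe", "powershell.exe"}


def is_mz_pe(data: bytes) -> bool:
    """True if data is a PE image: 'MZ' DOS stub and 'PE\\0\\0' at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of NT headers
    if e_lfanew + 4 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def classify(events):
    """Map a list of event dicts to the behaviour labels used in the report."""
    hits = set()
    dropped = set()          # lower-cased paths written during the run
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            dropped.add(ev["path"].lower())
            if ev.get("from_network") and is_mz_pe(ev["data"]):
                hits.add("Downloads MZ/PE file")
        elif kind == "reg_query" and ev["key"].lower() == GEO_KEY.lower():
            hits.add("Checks computer location settings")
        elif kind == "process_create":
            image = ev["image"].lower()
            if image.rsplit("\\", 1)[-1] == "vbc.exe":
                hits.add("Uses the VBS compiler for execution")
            if image in dropped:
                hits.add("Executes dropped EXE")
        elif kind == "image_load" and ev["path"].lower() in dropped:
            hits.add("Loads dropped DLL")
        elif kind == "net_request" and ev["process"].lower() in BLOCKLISTED_NET_PROCS:
            hits.add("Blocklisted process makes network request")
        elif (kind == "api_call" and ev["api"] == "SetThreadContext"
              and ev.get("target_pid") != ev.get("pid")):
            # Rewriting another process's thread context is the hollowing pattern.
            hits.add("Suspicious use of SetThreadContext")
    return hits


def fake_pe() -> bytes:
    """Constructed minimal PE header: MZ stub, e_lfanew=0x80, PE signature."""
    hdr = bytearray(0x84)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    hdr[0x80:0x84] = b"PE\0\0"
    return bytes(hdr)


# Constructed event stream; paths and URL are placeholders, not from the sample.
SAMPLE_EVENTS = [
    {"type": "reg_query", "pid": 1, "key": GEO_KEY},
    {"type": "process_create", "pid": 1,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"},
    {"type": "net_request", "pid": 2, "process": "vbc.exe",
     "url": "http://example.invalid/payload"},
    {"type": "file_write", "pid": 2, "path": r"C:\Users\Public\x.exe",
     "data": fake_pe(), "from_network": True},
    {"type": "file_write", "pid": 2, "path": r"C:\Users\Public\y.dll",
     "data": fake_pe(), "from_network": True},
    {"type": "process_create", "pid": 2, "image": r"C:\Users\Public\x.exe"},
    {"type": "image_load", "pid": 3, "path": r"C:\Users\Public\y.dll"},
    {"type": "api_call", "pid": 3, "api": "SetThreadContext", "target_pid": 4},
]

if __name__ == "__main__":
    for label in sorted(classify(SAMPLE_EVENTS)):
        print(label)
```

Two points worth noting when reading real traces against rules like these: the PE check must validate `e_lfanew` before dereferencing it, or a truncated download crashes the scanner instead of being classified; and the SetThreadContext rule deliberately ignores calls targeting the caller's own process, since legitimate debuggers and runtimes do that routinely.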

MITRE ATT&CK Enterprise v6

Tasks