General
Target: PICS09765432345678001.js
Size: 937B
Sample: 230420-f2e8hafg64
MD5: 1de1213f3b92347423fb223ca44d36f1
SHA1: 208df542788427737c54b61c99087878d0fcbef7
SHA256: 3248a4b2b6e1514e9a63b2f40f54df79f0eee9592f9c1146e485ebd3fb4998b9
SHA512: 9d2726b61c54473be66a985d354d01139853f4c9ffaa8801af945ff635d25b2a960f4430f6fad006b12156456008877083f279834abdaaecbd16d8b840df7c25
Static task: static1
Behavioral task: behavioral1
Sample: PICS09765432345678001.js
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: PICS09765432345678001.js
Resource: win10v2004-20230220-en
Malware Config
Extracted
Protocol: smtp
Host: premium251.web-hosting.com
Port: 587
Username: [email protected]
Password: H?G7iEWK_W0R##
Targets
Target: PICS09765432345678001.js
Score: 10/10
Blocklisted process makes network request
Downloads MZ/PE file
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext