General
Target: 1.one
Size: 2.8MB
Sample: 230508-w9zj4scb82
MD5: 04a5d6ec984ec8792a2fd7a99fcfb8e1
SHA1: b48365d8824be054acf1476eda12c31749711980
SHA256: b9dcfa849b5ce3e96e715144476547b64d92b6cd3e25fd588aecb846de666cdd
SHA512: fd8636f3793acfe002d61a68ffa200db527e91beab20457c9e6560c8527a3000c80174e045ac47365e14c1a5dca2851c554d39f13e4cac9ab51684d52e164a9f
SSDEEP: 49152:x9/jsOOTLCTFQq5iNZ4KS5WPvwaqX/nREYVoB5JSHawNxs:orTLmIp+/nREYKdD
Static task: static1
Behavioral task: behavioral1 (Sample: 1.one, Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: 1.one, Resource: win10v2004-20230220-en)
Malware Config
Targets
Target: 1.one
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.