Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

1.one

windows7-x64

10

1.one

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1.one

  • Size

    2.8MB

  • Sample

    230508-w9zj4scb82

  • MD5

    04a5d6ec984ec8792a2fd7a99fcfb8e1

  • SHA1

    b48365d8824be054acf1476eda12c31749711980

  • SHA256

    b9dcfa849b5ce3e96e715144476547b64d92b6cd3e25fd588aecb846de666cdd

  • SHA512

    fd8636f3793acfe002d61a68ffa200db527e91beab20457c9e6560c8527a3000c80174e045ac47365e14c1a5dca2851c554d39f13e4cac9ab51684d52e164a9f

  • SSDEEP

    49152:x9/jsOOTLCTFQq5iNZ4KS5WPvwaqX/nREYVoB5JSHawNxs:orTLmIp+/nREYKdD

Score
10/10

Malware Config

Targets

    • Target

      1.one

    • Size

      2.8MB

    • MD5

      04a5d6ec984ec8792a2fd7a99fcfb8e1

    • SHA1

      b48365d8824be054acf1476eda12c31749711980

    • SHA256

      b9dcfa849b5ce3e96e715144476547b64d92b6cd3e25fd588aecb846de666cdd

    • SHA512

      fd8636f3793acfe002d61a68ffa200db527e91beab20457c9e6560c8527a3000c80174e045ac47365e14c1a5dca2851c554d39f13e4cac9ab51684d52e164a9f

    • SSDEEP

      49152:x9/jsOOTLCTFQq5iNZ4KS5WPvwaqX/nREYVoB5JSHawNxs:orTLmIp+/nREYKdD

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks