General
Target: file.exe
Size: 4.4MB
Sample: 230522-a3gvtsdb52
MD5: 6355c5f8f98ffd7042a07ed616a2bb34
SHA1: c10c4de037d7c0aacce0acfdd02f012bff7233da
SHA256: a4812a7dd2dd31471e590d7a45ddc945dfbd646512a048a39383427e8ea885cc
SHA512: 12778fdc50d26554f9ac06620aec6627c71c4afe1205ddf6aa1d8d1507e12cbe8a5d20c28053c0ff3e928787469e58bb4c90fb56544076aa21994212b4e9ee90
SSDEEP: 98304:V5OVT7lWSbmaQ2MRiRJsXmFb55E9SRoy6biRmUgCOjzO8Hoh8AqZ0:VQTzmaQ2MaVFbZyHbWWvO8HoL
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20230220-en
Malware Config
Targets
Target: file.exe
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of NtSetInformationThreadHideFromDebugger