Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Notice86x64.exe

  • Size

    6.9MB

  • Sample

    230525-qdtq4aag9x

  • MD5

    bd294af66e42c317ff4bde406043e918

  • SHA1

    c508e4ca273dffca5966cb41f13ec3bb78034108

  • SHA256

    4645c34b63cfe2e839c31994ae00756b38bae0212aceaa8875d69c176e14de3c

  • SHA512

    1e66e6599a6d0b1d9ef1426349bb69e0379997f7d6fbc8f518033062d617af86588c668a8a29841798df2f87566f28834651b9cc57af6e1951eeda432b3fa357

  • SSDEEP

    98304:qSipzN7QKKSW+Aic8vBquYafPwy46kubjHZDMRpSwme6K8VrpPobS+I4:qaSW+Aic8ZqRawhubTiX0etc+I4

Score
8/10

Malware Config

Targets

    • Target

      Notice86x64.exe

    • Size

      6.9MB

    • MD5

      bd294af66e42c317ff4bde406043e918

    • SHA1

      c508e4ca273dffca5966cb41f13ec3bb78034108

    • SHA256

      4645c34b63cfe2e839c31994ae00756b38bae0212aceaa8875d69c176e14de3c

    • SHA512

      1e66e6599a6d0b1d9ef1426349bb69e0379997f7d6fbc8f518033062d617af86588c668a8a29841798df2f87566f28834651b9cc57af6e1951eeda432b3fa357

    • SSDEEP

      98304:qSipzN7QKKSW+Aic8vBquYafPwy46kubjHZDMRpSwme6K8VrpPobS+I4:qaSW+Aic8ZqRawhubTiX0etc+I4

    Score
    8/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Use of msiexec (install) with remote resource

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks