General
Target: file
Size: 1.8MB
Sample: 230627-q4t5jsec44
MD5: 08bd9f40d1e009c3ea0475aed29e597a
SHA1: 93eb930b3b54dce404916daa9d7761aa7f23bc4e
SHA256: f0f756cdd6211e7ccaa203844abf95f2993dd2c1033fde42f5e17ba10adb67e6
SHA512: ccc43b7355cf1f0d25ad7dddfde189e7d288e489921ee520861a12921ed2a9b12438a28f86bc14c6c69902ebd6d73e3d0db3ad63a2954ca1f7960d74eb56fe92
SSDEEP: 49152:3JfC7C2mJOTXP3NWpItn+id8pq+Z6Q2Xr7oX1f00/gZv+1X2J+lX:7XTU+1X2JG
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20230621-en
Malware Config
Targets
-
-
Target
file
-
XMRig Miner payload
-
.NET Reactor protector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-