Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

INVOICE.exe

windows7-x64

7

INVOICE.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    INVOICE.exe

  • Size

    369KB

  • Sample

    230704-gjkwpscg3y

  • MD5

    304982562295bef516f43831130c84a2

  • SHA1

    5ac0bee1956d264b88baff846ccbc7360ceb9291

  • SHA256

    ce95bf97082a2895a94b3ddd23d9906f4101bc7cbedb4bcf3d0dab94e834aaab

  • SHA512

    6199c3a0a4091e3b5cea65a8e7a4f840ffb69aaca6c0ea2d37ab53791bd46f6a8675e78837146d8356535d4bff8e544ebb636904ad4848e2133c79bfa7367a83

  • SSDEEP

    6144:/Ya6lk/PHuX3HoRnK1bwQcynCvbneGLtiauZx1AODRvGIz0LVxe:/Y/kHH+3H2K1cSnC3AwODRHz0Vxe

Score
7/10
persistence

Malware Config

Targets

    • Target

      INVOICE.exe

    • Size

      369KB

    • MD5

      304982562295bef516f43831130c84a2

    • SHA1

      5ac0bee1956d264b88baff846ccbc7360ceb9291

    • SHA256

      ce95bf97082a2895a94b3ddd23d9906f4101bc7cbedb4bcf3d0dab94e834aaab

    • SHA512

      6199c3a0a4091e3b5cea65a8e7a4f840ffb69aaca6c0ea2d37ab53791bd46f6a8675e78837146d8356535d4bff8e544ebb636904ad4848e2133c79bfa7367a83

    • SSDEEP

      6144:/Ya6lk/PHuX3HoRnK1bwQcynCvbneGLtiauZx1AODRvGIz0LVxe:/Y/kHH+3H2K1cSnC3AwODRHz0Vxe

    Score
    7/10
    persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks