General

  • Target: Invoice.rar
  • Size: 274KB
  • Sample: 230712-hwhgsacc85
  • MD5: 26a36c778e54aaa3dc01f256eb328fd1
  • SHA1: 41b5bdd35cf1798de086c564601b7c9d58f80034
  • SHA256: 97d82ef629cc257cd211526fff0f49793539ae95b72071d38c13721e603ae98e
  • SHA512: cecf0d0280d235942bbebc3eb955d3a4c0317e7640ceda2944b2858aec8013cea6442dc817355c0904d5ace67256e9855e2bdece84477cc21f41591a6f321d8b
  • SSDEEP: 6144:hT1zajXm4SSi1UFJ2mQmFDqdt92avvyIejNCgOeZ:hTFajXmB31G2mnDqdtzvA0eZ

Score: 7/10

Malware Config

Targets

    • Target: Invoice.exe
    • Size: 290KB
    • MD5: 251059be9d81ed9e5dcef07d3da50410
    • SHA1: 7d7c53f24a2996b2be19a6be740a3ff27bc0bfcb
    • SHA256: a18c3de560cfe832821c01661931953efe47d1506955f779ce2760550a1a63c8
    • SHA512: 3dbd5c3aaea44cb381129a4d9395028b2b29a3d8d7b2ce4bff481c1a12bfea63d8f80b4fa8e2b47edce7d37f1b6093ba297a783370fc149429dc2eee66d83779
    • SSDEEP: 6144:/Ya6nBlQZtNfvjoaXOz+e5hljyV1DM6O2MxO5G0l7S8CYmMw4mli/mN:/YdjstNTOSeAK6O2Mx+G0FS8CZ/4kWK

    Score: 7/10

    Signatures:
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks