General

  • Target

    parsec-windows.exe

  • Size

    2.7MB

  • Sample

    230713-yapa7saf27

  • MD5

    86c3e34147f64ca7b0bcfe4564317706

  • SHA1

    dffbf6d25bcfe675fc314968a4413ba9757b6c25

  • SHA256

    e17c059a2ec3153241f4cddf8081f19e83af890cb9126f3e1528474c29610786

  • SHA512

    8d5f2efa99de7c6275162927b77dc3b5d640fbd18d771cff71ee7bd3cb8009d87fa23b8f29113d15aaca17b7aaa33a440434ba1ac2db7c1998d14673d31d4e5c

  • SSDEEP

    49152:P3myVbHOO2Q4gSrF32OL5OsrcnWYBR959Cenopym7r4bvwfIr+Z4NJU/EPM/Ob:PWyBH52oYZLTrcWYn959CeTIIr+eXUSf

Malware Config

Targets

    • Creates new service(s)

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Modifies Windows Firewall

    • Stops running service(s)

    • Adds Run key to start application

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks