General
Target: PAYMENT COPY.zip
Size: 366KB
Sample: 230831-m1vp5aec2v
MD5: a16b7550674c5595b00635b4a8d0818e
SHA1: 947d145f11a67653a9d241e7f8384f9e0fb16417
SHA256: 34e5043867e982258aaa56f59d5f35abc7b53ca1293853465ca7974758ffbfe9
SHA512: e1334bd3401ed67cac31744bad5b8bb15fc201d2d353a4c7852d476ad830bacb16bc76e6ca74ce25a89ef133e5c5615cb1267c2a9b5a073e94a3868b0c55cc80
SSDEEP: 6144:fq5b2nbbvZA19VUm4MCJv1RtV32f4ZaxY4UhrzWvU6TPvErtYqJB2asepUaeUy8y:fqMnfvZuVDpcv1Rth2f4cxY4UhQlTPvx
Static task: static1
Behavioral task: behavioral1
Sample: PAYMENT COPY.exe
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: PAYMENT COPY.exe
Resource: win10v2004-20230703-en
Malware Config
Targets
Target: PAYMENT COPY.exe
Size: 517KB
MD5: 07777ab79429d89e895fec96ff50b278
SHA1: 5213f0cd557ba8f2ccb393ae2d97ca8d277195db
SHA256: 4a63fd45dcc97cf19892173f6101ff932109f8e3c382db28ea077c63a65f203d
SHA512: dfa96457b683593147909eb03377fa9354a793243dc2facd82f19cd479f9ef57bdf644c0988ee8a169bba8591ad5daffeb3ff517c811285179765ba3eed6199a
SSDEEP: 12288:WYePZVDtcv1rthwf4qxe4ChulTtvEHjTB2ZeauKH:WY0ZVZwSxPChSVEHZ5au8
Score: 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext