General
-
Target
b45fd43e7e9a01d6fb4c327d25e54fd5.bin
-
Size
337KB
-
Sample
230901-cacfrabh63
-
MD5
46f94bee6b36a03a2c26d2c9abd40446
-
SHA1
9fc7ac46f25a8692a7f31a98fcf4b144bcc6aec5
-
SHA256
aa42ba56492cc27644fe8c2b2d474e4fe762a49e284dc391ff5a9807ce0b5b53
-
SHA512
52254b62101b12b8c90b1c6438509fd9134215d88480a9756942816014d5c2e109fc827fbcbbac19b7eaed1d8f135939cf5e009bb701354e42c21283b14eb1cd
-
SSDEEP
6144:hYFGtj1MoWR7Ca8w2Zj77BCNr8oX0t8BAL8pa1wr1SBsHwMc9QT:e8tjoR7CRtp7BpqJm8M1hAwb8
Static task
static1
Behavioral task
behavioral1
Sample
b45fd43e7e9a01d6fb4c327d25e54fd5.zip
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
b45fd43e7e9a01d6fb4c327d25e54fd5.zip
Resource
win10v2004-20230831-en
Behavioral task
behavioral3
Sample
Annual Leave and Salary Memo_PDF.exe
Resource
win7-20230831-en
Behavioral task
behavioral4
Sample
Annual Leave and Salary Memo_PDF.exe
Resource
win10v2004-20230831-en
Malware Config
Targets
-
-
Target
b45fd43e7e9a01d6fb4c327d25e54fd5.bin
Score 1/10
-
-
Target
Annual Leave and Salary Memo_PDF.exe
-
Size
352KB
-
MD5
5ac38c0411769fc70fde438d5d74ceeb
-
SHA1
4f3619eb37373854bde4f1a3e510e5c525f971c7
-
SHA256
8e06e30fe6a9c4f64a09da567c0a6d2f01b49622f535122736d1dd7177b7f9be
-
SHA512
8d46c0b9fbfe711fcc95cbfe723ec864b1366bcc06cdfd6986126fbc4e2a013a708bface78e3fa023b084abb965cf0a6184f4192f13cc8ec87b28028db886b10
-
SSDEEP
6144:/Ya6evNxhBqtTbVirSLYsL3Y3A/IIHVAg2+C+qpWFtsDUV+ONMI3Uv/rr37FnqTZ:/YIvN/Bqr6szd/IIHuQVFFtscr3Yr02E
Score 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-