275216a98698d7dbd73a1c75693ef043894e7753711bc606f4de20719f7ec772 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

Order Sep 2023.js

windows7-x64

3

Order Sep 2023.js

windows10-2004-x64

8

Sharing

General

Target

Order Sep 2023.js
Size

641KB
Sample

230918-qd8j9abg66
MD5

abcc8edc710ec4950ca9bf69cd99fb46
SHA1

d8ccde8c22a61fd95343a3fa1a6bfd735b95665c
SHA256

275216a98698d7dbd73a1c75693ef043894e7753711bc606f4de20719f7ec772
SHA512

892d5e10efbab46de530841d42ec7daf75df1e3755df5e1f406030adf8193a2207c5d1f02edfbb42c29123b5e8b954086295c024ce2e32b1a8c415e36fed85d2
SSDEEP

12:+E2qkhZXa4Ft+CH3fATkvA+72NAMchqV39yex+pBtg/6J35xmn:JWZ/XnHIToAXNArhIys+pA/2pxu

Score

8^/10

collection persistence

Static task

static1

Behavioral task

behavioral1

Sample

Order Sep 2023.js

Resource

win7-20230831-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

Order Sep 2023.js

Resource

win10v2004-20230915-en

collection persistence

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  Order Sep 2023.js
- Size
  
  641KB
- MD5
  
  abcc8edc710ec4950ca9bf69cd99fb46
- SHA1
  
  d8ccde8c22a61fd95343a3fa1a6bfd735b95665c
- SHA256
  
  275216a98698d7dbd73a1c75693ef043894e7753711bc606f4de20719f7ec772
- SHA512
  
  892d5e10efbab46de530841d42ec7daf75df1e3755df5e1f406030adf8193a2207c5d1f02edfbb42c29123b5e8b954086295c024ce2e32b1a8c415e36fed85d2
- SSDEEP
  
  12:+E2qkhZXa4Ft+CH3fATkvA+72NAMchqV39yex+pBtg/6J35xmn:JWZ/XnHIToAXNArhIys+pA/2pxu
Score

8^/10

collection persistence
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Registers COM server for autorun
  persistence
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

collectionpersistence

© 2018-2025

Terms | Privacy