General

  • Target

    Order Sep 2023.js

  • Size

    641KB

  • Sample

    230918-qd8j9abg66

  • MD5

    abcc8edc710ec4950ca9bf69cd99fb46

  • SHA1

    d8ccde8c22a61fd95343a3fa1a6bfd735b95665c

  • SHA256

    275216a98698d7dbd73a1c75693ef043894e7753711bc606f4de20719f7ec772

  • SHA512

    892d5e10efbab46de530841d42ec7daf75df1e3755df5e1f406030adf8193a2207c5d1f02edfbb42c29123b5e8b954086295c024ce2e32b1a8c415e36fed85d2

  • SSDEEP

    12:+E2qkhZXa4Ft+CH3fATkvA+72NAMchqV39yex+pBtg/6J35xmn:JWZ/XnHIToAXNArhIys+pA/2pxu

Malware Config

Targets

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Registers COM server for autorun

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks