General

  • Target

    9644bf6130818a23b7820e4441d84d6a.bin

  • Size

    9.6MB

  • Sample

    230923-cvmgfsbg3s

  • MD5

    85a24aeeb31ab9358e0ecbe11c4feab6

  • SHA1

    c77d7a00f6c30d9f1b61284bdbad1d5b07892f79

  • SHA256

    48651a44a3a744fdc099d080dde0f99dbdb8843c09f16bafedcb11e15859ea45

  • SHA512

    297e7f2b74b0398be279d15f215fe13f3f1ed877f439c4e18f4a5f12585a0e63b9a6919b893f0057fe0346fb4ef333815d9ccb7adde7cc4c9a83cc8cb6c17b5b

  • SSDEEP

    196608:+/AYPaHJaFcAXMaBKeeOudsZ3XtS6E56KChTCqT:+oYPaIcAX/TeOudsZ3wcKChTCqT

Score
10/10

Malware Config

Targets

    • Target

      050efb70d521f74a42dcd63c703900433b03cf138fcfa1812705c8cb37deb1ea.bat

    • Size

      14.6MB

    • MD5

      9644bf6130818a23b7820e4441d84d6a

    • SHA1

      654d821a794488acba87a809e8eab889eb9845db

    • SHA256

      050efb70d521f74a42dcd63c703900433b03cf138fcfa1812705c8cb37deb1ea

    • SHA512

      db83473f76f680fa8f93da5bfa71d2b396f4cef44d222e75430a09432c68b67e37c92ca56b7f5d54265cbbb44145df00a11ccf89c498a391af609a2976c6beb9

    • SSDEEP

      49152:VfcOj5SiJ6+FBW/rRNkFa34CG36ICLvbtSAKsASfycGoA+uVteH7ki8KjXtXH8xU:u

    Score
    10/10
    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
