General

  • Target

    g7306605.exe

  • Size

    213KB

  • Sample

    231013-18vxradb3z

  • MD5

    ba2e40d2cf49ce7901cc39e793ed4109

  • SHA1

    0e1814555f7b66886d9bce7a2497c65395e3663c

  • SHA256

    9d47a47a910ce3505288372749c21ba14978721946403aba4df7cff52aceb9c4

  • SHA512

    3f863210fba8af719c52cc69460feb652be6c0abf9ea727e940e637a61cf458b532e5c630ea6d8027984dd7f31875b59ebf1375727e27efc28b837a9ba98bf63

  • SSDEEP

    6144:OQQiKL/yfYb5B+BO99c0s0ZVtAOCgvE9:JQ//yfYb5BIQZVtQn9

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks