General

  • Target

    a4c5b1b00a0f260c2dafa1c753018970_exe32.exe

  • Size

    144KB

  • Sample

    231015-yewk3sde7z

  • MD5

    a4c5b1b00a0f260c2dafa1c753018970

  • SHA1

    4fe1bfcc3bf8b0a514bd93f5285b57538d3f3bd7

  • SHA256

    9a92929388c7e26f4be359568b1686645f0c16d0f9d55273e8e67302933c06d2

  • SHA512

    e6dd45d519210c47d24426792323e84604373cffdfc991a5405469c15a53348c934071a533f089642d66c4b8a71de93662c2e8d3c48e2685b90cf6aceae7ed0e

  • SSDEEP

    1536:PJg/NVWIHWAmJihqbzWh9GuUKzzcjoNP3ojR6MUAhCLR3Jz4kahylrfR+yIMpmG5:arVSlGh9Gx0zcjoRmR1Ud4kYKkOmHlI

Score
10/10

Malware Config

Targets

    • Target

      a4c5b1b00a0f260c2dafa1c753018970_exe32.exe

    • Size

      144KB

    Score
    10/10

    Signatures

    • Modifies visibility of hidden/system files in Explorer

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular countries.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext

      Setting the context of a thread in another (typically suspended) process redirects its execution to code the caller has written there, the mechanism behind process hollowing and thread hijacking.
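The signatures above are the sandbox's classification of raw registry and file operations seen during the run. The following Python is an added example, not tria.ge's own signature logic: it maps a trace of such operations onto the same signature names so an analyst can reproduce the classification from an EDR or sandbox export. The registry keys it matches on (Explorer\Advanced Hidden/ShowSuperHidden, Control Panel\International\Geo\Nation, the CurrentVersion\Run key, Services\Disk\Enum) are this example's assumptions about what each signature keys on, and the trace it runs over is constructed, not the output of the real task. SetThreadContext is an API call rather than a registry or file event and is outside what this example classifies.

```python
"""Map raw registry/file operations from a sandbox or EDR trace onto the
behaviour signatures listed in this report.

Added illustration, not tria.ge's signature code. The key paths below are
this example's assumptions about what each signature matches on, and the
trace at the bottom is constructed, not the real run's output.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    kind: str          # "reg_read", "reg_write" or "file_write"
    path: str          # registry key (any hive spelling) or file path
    value: str = ""    # registry value name, registry events only
    data: str = ""     # data written, write events only


def normalise_key(key: str) -> str:
    """Collapse the hive spellings used by different tracers to HKCU/HKLM."""
    key = re.sub(r"^\\REGISTRY\\USER\\S-1-5-[0-9-]+", "HKCU", key, flags=re.I)
    key = re.sub(r"^\\REGISTRY\\MACHINE", "HKLM", key, flags=re.I)
    key = re.sub(r"^HKEY_CURRENT_USER", "HKCU", key, flags=re.I)
    key = re.sub(r"^HKEY_LOCAL_MACHINE", "HKLM", key, flags=re.I)
    return key.rstrip("\\")


# (signature name, event kind, key/path pattern, value names or None for any)
# Key paths are assumptions about what each report signature keys on.
SIGNATURES = [
    ("Modifies visibility of hidden/system files in Explorer", "reg_write",
     re.compile(r"^HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced$", re.I),
     {"hidden", "showsuperhidden"}),
    ("Checks computer location settings", "reg_read",
     re.compile(r"^HKCU\\Control Panel\\International\\Geo$", re.I),
     {"nation"}),
    ("Adds Run key to start application", "reg_write",
     re.compile(r"^HK(CU|LM)\\Software\\Microsoft\\Windows\\CurrentVersion\\Run$", re.I),
     None),
    ("Maps connected drives based on registry", "reg_read",
     re.compile(r"^HKLM\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum$", re.I),
     None),
    ("Drops autorun.inf file", "file_write",
     re.compile(r"^[A-Z]:\\autorun\.inf$", re.I),
     None),
]


def classify(events):
    """Return {signature name: [matching events]} for one trace."""
    hits = {}
    for ev in events:
        path = normalise_key(ev.path) if ev.kind.startswith("reg_") else ev.path
        for name, kind, path_re, value_names in SIGNATURES:
            if ev.kind != kind or not path_re.match(path):
                continue
            if value_names is not None and ev.value.lower() not in value_names:
                continue
            hits.setdefault(name, []).append(ev)
    return hits


def run_key_targets(hits):
    """Paths registered for autostart: the first indicator to pivot on fleet-wide."""
    return [ev.data for ev in hits.get("Adds Run key to start application", [])]


# Constructed trace in the shape a sandbox or EDR export would give; not real data.
TRACE = [
    Event("reg_write", r"\REGISTRY\USER\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
          "ShowSuperHidden", "0"),
    Event("reg_read", r"\REGISTRY\USER\S-1-5-21-1111-2222-3333-1001\Control Panel\International\Geo", "Nation"),
    Event("reg_write", r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
          "winupd", r"C:\Users\user\AppData\Roaming\winupd.exe"),
    Event("reg_read", r"\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Services\Disk\Enum", "0"),
    Event("file_write", r"E:\autorun.inf"),
    # Noise: Explorer reading its own settings is a read, not a write, so no hit.
    Event("reg_read", r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced", "Hidden"),
]


if __name__ == "__main__":
    hits = classify(TRACE)
    for name, evs in hits.items():
        print(f"[+] {name}: {len(evs)} event(s)")
    print("autostart targets:", run_key_targets(hits))
```

The read/write distinction matters: reading Explorer\Advanced is what Explorer itself does constantly, so only writes to Hidden/ShowSuperHidden are scored, while the geofence and drive-enumeration signatures fire on reads because the malware only needs to look. Hive prefixes are normalised first because kernel-mode tracers report `\REGISTRY\USER\<SID>` where user-mode tools report `HKEY_CURRENT_USER`.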

MITRE ATT&CK Enterprise v15

Tasks