General

  • Target

    ee882c7298dfb477789205f2e6be0aca489f9bbc07bbfbb25ff3c897b0b0b9d9

  • Size

    2.0MB

  • Sample

    231106-hm57gsbb86

  • MD5

    396936c3276814680b90a5641f158dfa

  • SHA1

    0b88285750160285e27f242ec480a9cf2b40f5b5

  • SHA256

    ee882c7298dfb477789205f2e6be0aca489f9bbc07bbfbb25ff3c897b0b0b9d9

  • SHA512

    4e838dc7771f2836f1caf40a2c05cfc874e0fdf4ed384879ca5719c0149b05b99998a90823de1af0e4a292c99a915fea0709557defa9c30f6d26db2bd73b3e21

  • SSDEEP

    12288:SOuW5o/oStscy+4CWKKCrZTGF/k8uMxtxPvvzz5KnL/JLW8Wdvp/8DeBo1irkoEQ:SjSow18JbKkKF/eMNPjgI1rh

Score
10/10

Malware Config

Targets

    • Target

      ee882c7298dfb477789205f2e6be0aca489f9bbc07bbfbb25ff3c897b0b0b9d9

    Score
    10/10

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks