Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
file.exe
-
Size
272KB
-
Sample
231117-s9bw9sbf2z
-
MD5
76c98648f11970e09c160ae0224cb9f2
-
SHA1
a1c7aa09a9ea241d69b8d378b98b64a7132b8929
-
SHA256
de3cdc934393a5e4065690686ff7042e51f89efbcd15ca4df1f08dfcca8622f1
-
SHA512
5e967565241c8d18f79e145e73df6050b480de31f40188d2cd70bd6a9d178c4fa93fcc1696ed7342bcf90b34a4a11168bd8a3852c626e97d636e0b60d03615ab
-
SSDEEP
3072:yks08uYWLa6HVkluiY+BGzF88GK5ydpRsIgtCT6RsVip39iVR:DvTYivSxYTWXKypVipM
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
tofsee
vanaheim.cn
jotunheim.name
Targets
-
-
Target
file.exe
-
Size
272KB
-
MD5
76c98648f11970e09c160ae0224cb9f2
-
SHA1
a1c7aa09a9ea241d69b8d378b98b64a7132b8929
-
SHA256
de3cdc934393a5e4065690686ff7042e51f89efbcd15ca4df1f08dfcca8622f1
-
SHA512
5e967565241c8d18f79e145e73df6050b480de31f40188d2cd70bd6a9d178c4fa93fcc1696ed7342bcf90b34a4a11168bd8a3852c626e97d636e0b60d03615ab
-
SSDEEP
3072:yks08uYWLa6HVkluiY+BGzF88GK5ydpRsIgtCT6RsVip39iVR:DvTYivSxYTWXKypVipM
Score10/10-
Creates new service(s)
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
2Windows Service
2