General

  • Target

    041a8f8f1bae4decc9d995d124af170a6ff8ecb80a5338fb2421eeac232ae6fc

  • Size

    399KB

  • Sample

    231121-av8nksbg4v

  • MD5

    4b24f57f224315d69492a029ed43a92f

  • SHA1

    bc9724527b74aac48a4c94f7ae7c4f83a5ee8c0d

  • SHA256

    041a8f8f1bae4decc9d995d124af170a6ff8ecb80a5338fb2421eeac232ae6fc

  • SHA512

    f9526da1252c24f19159078ca4affb35edbd7d65dbfd1c6cd11d549ff9c22bd8e453f4742a11dc6ad7f6d9845806526898418f7ea13b2b5620f3af4617c91470

  • SSDEEP

    6144:YZmsQhU+bZVx5rLKJzu6gLP44ZwcDy/qF6cEOkCybEaQRXr9HNdvOapLF:8UF30Ngj44ecDyfOkx2LIapLF

Score
10/10

Malware Config

Targets

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks