General

  • Target

    justificante de pago.rar

  • Size

    292KB

  • Sample

    231122-m82teace9w

  • MD5

    7679ec5783727d2bbe94cd0ff74feed8

  • SHA1

    7af76656e53fe174d28fe05397b9142447fb77c5

  • SHA256

    45674b2005b1d5cbf2d18dcb6a95585d90f055b696d5e5881d47cbdd1ba20f92

  • SHA512

    5e9a4887fc2c44c69882ab9440313b7866b7af25133164a840e06bc1fa1f83d5f3849db7b191301b6a623d314b773f405d77c4f48fdb08f5423e4c46fc2426cd

  • SSDEEP

    6144:TT4DtPsbFhPYwPL0cMVTmsmOriSyygpCFccq22SWJtC3yv9gg3rZ/:TTAsbzPT0rVasjSFoF5qltCi9hV

Score
7/10

Malware Config

Targets

    • Target

      justificante de pago.exe

    • Size

      290KB

    • MD5

      7f45d3ae1250a354a3c0955e0414f9ec

    • SHA1

      e2242211da4349bb85d1935831957405a4f98669

    • SHA256

      206b596f2a06c33b636698217854ab8c417ae20f50ba59247a7a2bed74ccacf2

    • SHA512

      eda0da12d190ce6e03a4f9ab8c1e9e24b3be5a0db186619f167fd54359fbdbf6a40d42162ef67b58c73a012ae73cd99b5b4c6d0e56b77f697ae8bc181480f3ef

    • SSDEEP

      6144:TT4DtPsbFhPYwPL0cMVTmsmOriSyygpCFccq22SWJtC3yv9gg3rZ/m:TTAsbzPT0rVasjSFoF5qltCi9hVm

    Score
    7/10

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks