General
- Target: tmp
- Size: 1.2MB
- Sample: 231214-xwmh3agaan
- MD5: 76512b389ab5a03c21699a4cfb8d740c
- SHA1: 76312420ff2986cc6b53aa1db20fc82399d90d9b
- SHA256: 78650669f298aa44da982c9726117cc1d173da5bdb8aa078efd133915aa75c7e
- SHA512: 4c231d15854d0b7e1cdccb918882f5c73b1a1fa9a0c6b27ae28bfc37cd904a4d47fb70a143e3c96c7ccd64b7f3a11484832ecc24f34ac37e0a2857729a271970
- SSDEEP: 24576:HyyCZ0erp6EGLdl6C6gkwlBOwwOWY7ihO62cYd1l/pxkbmzyRG:Sju6C6gFewAYe462cmRI2yR
Static task
- static1

Behavioral task
- behavioral1
  - Sample: tmp.exe
  - Resource: win7-20231023-en

Behavioral task
- behavioral2
  - Sample: tmp.exe
  - Resource: win10v2004-20231130-en
Malware Config
- Extracted
  - Family: risepro
  - 193.233.132.51
Targets
- Target: tmp (1.2MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Drops file in System32 directory