General
-
Target
Invoices.exe
-
Size
499KB
-
Sample
231219-sx99asecfj
-
MD5
665d29c6fa8c6b5b98bb888553d5b89b
-
SHA1
62a4c99975583f84b9fdf13697ffce9afc3db13b
-
SHA256
96e8eb2604c81bbb31a16ccf186aa3a9990f01e03b59df7c29536293edfa5454
-
SHA512
eb746d68d5067944239233164d936201df4234b1723c33e2954fef4b8a89e8c9d1e9c3e01c760a27882e5ee9373aa9848a58dec5c9a7ea484853f5dfafa84333
-
SSDEEP
12288:tlluAaJXFhQA+kdL82vSRyxTJqG4+fI9DygrFUhudFA2J1c:wAcXFWAFdkEx9qO6JUkd2
Static task
static1
Behavioral task
behavioral1
Sample
Invoices.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
Invoices.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
Invoices.exe
-
Score
8/10
-
Adds policy Run key to start application
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-