General

  • Target

    Invoices.exe

  • Size

    499KB

  • Sample

    231219-sx99asecfj

  • MD5

    665d29c6fa8c6b5b98bb888553d5b89b

  • SHA1

    62a4c99975583f84b9fdf13697ffce9afc3db13b

  • SHA256

    96e8eb2604c81bbb31a16ccf186aa3a9990f01e03b59df7c29536293edfa5454

  • SHA512

    eb746d68d5067944239233164d936201df4234b1723c33e2954fef4b8a89e8c9d1e9c3e01c760a27882e5ee9373aa9848a58dec5c9a7ea484853f5dfafa84333

  • SSDEEP

    12288:tlluAaJXFhQA+kdL82vSRyxTJqG4+fI9DygrFUhudFA2J1c:wAcXFWAFdkEx9qO6JUkd2

Score
8/10

Malware Config

Targets

    • Target

      Invoices.exe

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks