Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    5e9a36c33ab7a7df2929f0f2d9f271e2

  • Size

    8.5MB

  • Sample

    231219-t25p2shbg9

  • MD5

    5e9a36c33ab7a7df2929f0f2d9f271e2

  • SHA1

    de270069bbfbfea2222f54f6f5f8c0917add8839

  • SHA256

    f410fdede2b8fd16de3f5fe46073d768e179f1f57e6fbef7bbad576cd698d0c5

  • SHA512

    e02436664a04486b0a819fe8c019b0d9638ec58c81ceb823ac78a84b252e1b50552b6cfa03f0a0f0c8825a45e5ecb2e5782e1dbe64fd2222ea4150415dc7e826

  • SSDEEP

    49152:67N1ahCQ0V7N1ahCm0V7N1ahC70V7N1ahCy0V7N1ahCl0V7N1ahCL0V7N1ahCp0I:67d7z7u7f7Y7+7c7y7B7v7+7

Malware Config

Targets

    • Target

      5e9a36c33ab7a7df2929f0f2d9f271e2

    • Size

      8.5MB

    • MD5

      5e9a36c33ab7a7df2929f0f2d9f271e2

    • SHA1

      de270069bbfbfea2222f54f6f5f8c0917add8839

    • SHA256

      f410fdede2b8fd16de3f5fe46073d768e179f1f57e6fbef7bbad576cd698d0c5

    • SHA512

      e02436664a04486b0a819fe8c019b0d9638ec58c81ceb823ac78a84b252e1b50552b6cfa03f0a0f0c8825a45e5ecb2e5782e1dbe64fd2222ea4150415dc7e826

    • SSDEEP

      49152:67N1ahCQ0V7N1ahCm0V7N1ahC70V7N1ahCy0V7N1ahCl0V7N1ahCL0V7N1ahCp0I:67d7z7u7f7Y7+7c7y7B7v7+7

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

    • FakeAV payload

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks