General

  • Target

    924a03b09c1e5e1c66c288b127485209

  • Size

    2.7MB

  • Sample

    231219-y4g4zsfbd9

  • MD5

    924a03b09c1e5e1c66c288b127485209

  • SHA1

    443f6a265c25bf63070196d534905bcc62002d1c

  • SHA256

    c68e8ff7b79dd9ea963475a96065d7794c9ed15ccf46d7c0398fec4292142a2c

  • SHA512

    707884e950de9b286fa6a439c039e84e4519f81681efe216958db5e8db54fbb36361750416bac2d31e634a71544d0dd950c9043fd000eea27517ae486a5b3df1

  • SSDEEP

    49152:67N1ahCL0V7N1ahCw0V7N1ahCT0V7N1ahC4:67+797G74

Targets

    • Target

      924a03b09c1e5e1c66c288b127485209

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

    • FakeAV payload

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
