General

  • Target

    bd8d1d96db02b4576c08e0079492b95e

  • Size

    2.8MB

  • Sample

    231220-q6fd6sbgcm

  • MD5

    bd8d1d96db02b4576c08e0079492b95e

  • SHA1

    2bd78ae7051dcf5fbfa78cb1875be1bd64b6e490

  • SHA256

    2965af6203140fd8d1b6b4e1f57686ca22330e4cc24ecdad36c3b0868c846c38

  • SHA512

    1d96061ff117afcc8ee7171403f58ee361c165098d53b12a4e8ed2120df9c2e5c57bc209dc3b3a6ed24dd19cb41aa468d0998e6800e372b2a9ebca0862607a4b

  • SSDEEP

    49152:67N1ahC40V7N1ahCw0V7N1ahCH0V7N1ahCR0:67F797K7

Targets

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

    • FakeAV payload

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
