General

  • Target

    493610666610bb568fb1fb2a29dfc86a

  • Size

    531KB

  • Sample

    231226-btybwsaghr

  • MD5

    493610666610bb568fb1fb2a29dfc86a

  • SHA1

    96364789f310a0d3747e538d88cf38bd89cd7eba

  • SHA256

    98c830e1f593c1eae961b44822ac2990df90e214aad17cc9c3caf19b09005f7e

  • SHA512

    a5bb73054286b49f208267bcfff8cc0794b2fce111a159229c72e1f7dcb37a91d4d47a92925364b2fa3875e3807cc9424b87c22623a75d19e8d7b2ad866a0167

  • SSDEEP

    12288:2Qv0eBwZPTf7+y1dKluklBIy/8YwA7GH4:H82Wb7+SEP/RJG4

Score
10/10

Malware Config

Targets

    • Modifies WinLogon for persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory
