General

  • Target

    0cdf14fd98567284a5cbe2fa14e93ca4

  • Size

    16KB

  • Sample

    231230-dycxvsbehq

  • MD5

    0cdf14fd98567284a5cbe2fa14e93ca4

  • SHA1

    7e87bbd434b28dab98a471628ec357681db9d608

  • SHA256

    05e7a07a0cac3c776354d01d2858289465705e857fbd447c14a1b45467a5f1fa

  • SHA512

    3c2bd27a6356deb4b90bd148e81e6b83a35ebf86845f18c07565222de69fa9acf88756eb7f6d0fa2c4caf63315e5e8d7d0864e72860586a257211d38e53ece16

  • SSDEEP

    384:zMepYgyGv5TQtC3t8/PTu0OFh5QL4IFIaDnqW20+EcvxZFL26:/PPBQtCs/Om1FMW+hL26

Targets

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Adds Run key to start application
