General

  • Target

    100beb3f361fab2c438cfba6d91d838c

  • Size

    264KB

  • Sample

    231230-f7wgnsebcl

  • MD5

    100beb3f361fab2c438cfba6d91d838c

  • SHA1

    91c7c07b680a2bb99ffe06ef51fd31daff94e0b7

  • SHA256

    60bc8394bb6191bcfddd2cd4a5e83a32ad6310d2daf73b360258ba456efd575d

  • SHA512

    c1bb40e7265269f9f75d61bd1965ffec4861819f5703ecc5c7222fc8d42bad38915c27bf35f26f6c80ff4bf3623f5ec7cce69c41fbfcfd2eaa458d2e77be9ebf

  • SSDEEP

    1536:SYXRah9nifQfx2ra1+8R0/+n4omi2DZXx7wDcQsau309hV/BkmpzA3u806jQ:SU1fQfv0Y4JH30x/ZcQ

Malware Config

Targets

    • Target

      100beb3f361fab2c438cfba6d91d838c

    • Size

      264KB

    • MD5

      100beb3f361fab2c438cfba6d91d838c

    • SHA1

      91c7c07b680a2bb99ffe06ef51fd31daff94e0b7

    • SHA256

      60bc8394bb6191bcfddd2cd4a5e83a32ad6310d2daf73b360258ba456efd575d

    • SHA512

      c1bb40e7265269f9f75d61bd1965ffec4861819f5703ecc5c7222fc8d42bad38915c27bf35f26f6c80ff4bf3623f5ec7cce69c41fbfcfd2eaa458d2e77be9ebf

    • SSDEEP

      1536:SYXRah9nifQfx2ra1+8R0/+n4omi2DZXx7wDcQsau309hV/BkmpzA3u806jQ:SU1fQfv0Y4JH30x/ZcQ

    • Modifies security service

    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • UAC bypass

    • Windows security bypass

    • Drops file in Drivers directory

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks