General

  • Target: 1a7c1927f515eeec926a21d5e91e12da
  • Size: 50KB
  • Sample: 231230-q3e91aecf2
  • MD5: 1a7c1927f515eeec926a21d5e91e12da
  • SHA1: 3c5c6802372c32477ff5c11c1e59979f50752730
  • SHA256: a9524f30aaff503ab58af21556160282929edb8f72b81efc979dd8510f6129c2
  • SHA512: d0581ced6aad504a9feff58e27c9a465471d60aa531afcbde0a3bbaf04d27c2f045037577dcae6f5c2b2f263b891be5c1e89d838147101974a7e02a44e0ec853
  • SSDEEP: 768:BHReXvU8CVG6qDfQlPdXsz56b0Rw4zXn4hie7UXrM0gCs2H4rdxO2+:BHReXoVXfj6cushlkPZ2dU2+

Targets

    • Blocklisted process makes network request

    • Disables RegEdit via registry modification

    • Disables use of System Restore points

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
