General

  • Target

    63507ef5bc127d200bd48e477a5f8ab2

  • Size

    627KB

  • Sample

    240117-xav83scefj

  • MD5

    63507ef5bc127d200bd48e477a5f8ab2

  • SHA1

    4b05541814e7c1bdbb70f1cb82b3db5f8e9b5823

  • SHA256

    604dc0ff16d6c026a4c322dc61ca9597a02dbc5c80bcea0c46961005204decaf

  • SHA512

    645ebbff6ac01dd2d73be6db41dc9f6456a82c96b9a65f82d40151dbebd6c27623cd2fd3a6fde90651c51278e7db525b540510fb6e8f46acaa4b0f03c8a18a13

  • SSDEEP

    12288:TsWeQT7dKrfL/0MqLofLrYeBurxCvORSxT8FhHD3mMkLdSIdNQ:XTBK0MqEfL1KRk+D1kZp4

Targets

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Modifies file permissions

    • Adds Run key to start application
