General

  • Target: winzip26.exe.7z
  • Size: 516KB
  • Sample: 240125-q72zkahgcj
  • MD5: 0c636d7a4448a4cf19b0b051df81dca8
  • SHA1: 8ad53540afb8b5586dfbf9410312e44db63b5f95
  • SHA256: 023ab137657d4dfffd5bf98d9dcd2fd2bc9600fdea317ff3323d48c2d2923d74
  • SHA512: d5be909ad229b1cf7e8b40188b080d959826e76501b3c27f141ef744ce9c3d63a590edace22b9b41989d6d34fbfe024979d460c88845e21dcd4cc6d95bb70975
  • SSDEEP: 12288:Cd0DSS25IRWKdSOZ4CG9eZuRTTyRmzr/TF:Cd0DawWKdSPleZuARm/

Malware Config

Targets

    • Target: winzip26.exe
    • Size: 992KB
    • MD5: 40a49a13e2ed6577937568ef19b6e853
    • SHA1: 2b2458cab8730ea3c69fc8cc7059f6fdc3c7f4c7
    • SHA256: 9bf1cab2cfcf82b772242c09f49bd43d7300f5996456f56dca471364f5e70d9a
    • SHA512: 962a1297cb9652a52d4901317bd8e3a1953ec7b277e84dcbdeb31ff665b3d643a58f690179bf527187fff85d7ea409485dd928209e906f4a5b09d6ccf9c11446
    • SSDEEP: 12288:xkrPMg09CmiJQ21FUOkBVVWh7qZWoHnJ9NTwmHJMNm7aFxNcEQmi5WsvcXphs/:xQLkBVVWh7dA9NlM7c0Za/

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks