General
Target: VirusShare_a5d0e995d43232bd4b3d73f8899b7ef0
Size: 662KB
Sample: 240205-jztjwsdbgq
MD5: a5d0e995d43232bd4b3d73f8899b7ef0
SHA1: 46e06085c542f69ca2a78bba9f4eaa0ad77b1713
SHA256: 597ae8a86df361a4d18a381b80b3be8968f3d8fc187a48cddbb27653217bf674
SHA512: c65757fc305586930c1cc5dd0a712b3a071fdd89b357328a28fea208dcdd67c9717b7de4678e525652a324d976b2588105bda82575d2cb7b7682b6730e9c4fdb
SSDEEP: 12288:vKPvdIQ/slCcdrN8VfeP/hUmQ2jqh+aCKpQKEskUjeWhjZrwPqQRc:a6OslWVfeP/s2j8+aCGHFZnOc
Static task: static1
Behavioral task: behavioral1
Sample: VirusShare_a5d0e995d43232bd4b3d73f8899b7ef0.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: VirusShare_a5d0e995d43232bd4b3d73f8899b7ef0.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted
C:\ProgramData\ulbiyui.html
http://jssestaew3e7ao3q.onion.cab
http://jssestaew3e7ao3q.tor2web.org
http://jssestaew3e7ao3q.onion
Targets
Target: VirusShare_a5d0e995d43232bd4b3d73f8899b7ef0 (size and hashes as listed under General)
Score: 10/10
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Sets desktop wallpaper using registry