General

  • Target

    a943bbda34d5ea6b75000dfb474fd19fd72584598489421047ca2553eb858eb5.rar

  • Size

    20KB

  • Sample

    240213-e6m88sac51

  • MD5

    240a68d2d8d15037fb48d809b89d3110

  • SHA1

    3c3170913bbdf50923088cde2fefdd56e981014d

  • SHA256

    a943bbda34d5ea6b75000dfb474fd19fd72584598489421047ca2553eb858eb5

  • SHA512

    a39a4617e00112f7dea364e72f63ed889e6458eca009c52238d2de2528265e71433ee2cdf0821c0f4df486f6680978d2ef5c434a8382896e522f70d208a8632a

  • SSDEEP

    384:XKy9fa5UEmRgNgtlIKeViiEHXzmX9E+RuVIvEwwNatbmZztL277K5DmJ5886Zhfo:Xna53mqewKetEHjmX914VIck8tL47RJP

Malware Config

Targets

    • Target

      Abu Dhabi University_project_334568.vbs

    • Size

      36KB

    • MD5

      de8bb4e7b3b42adcc01eaf37409ba15a

    • SHA1

      77e869d2cdb86aea090f14a444e0d1ee39e5cd68

    • SHA256

      4899cdb23cf206532e2ccfe1eb170256012e2ee7664a89e5472e52f2a6274001

    • SHA512

      5258eaf86e2da5799b8d4c73c5b7047502d7e66000bef6b6680aafc931c7590eb005917c9af4c8a788ee16638870354c3f044434d381b934f5ada38c09a48569

    • SSDEEP

      768:vUJZmkTEmGkXZwCwzWfMKjWcHISdD0i6z2l+KaRB0e:cJLEXM9wzPKjXHISJ0i6z2w/f

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Adds Run key to start application

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks