General
Target: 9ae11d65b395971a284fc936690c5d1dfd035332321fba900dfa873c58243283.exe
Size: 101KB
Sample: 240226-fq4fysea8t
MD5: 19046ffd0a7a3365ba8e5b464bba149b
SHA1: 66ce137113ada0844a916252f0e456d06cf906c1
SHA256: 9ae11d65b395971a284fc936690c5d1dfd035332321fba900dfa873c58243283
SHA512: 639f852a4665bb80271f10e1c60e5fd6046c556aaaa5c6e9e5cbfb43552ce2d7d4d4df03c15d51ecd28f25845e71a1ee60dc49a6fd76a6b468abfb6e153a2fed
SSDEEP: 3072:z2NFei6thiKp+Ag3Q5JMUXFKJUHL5typ2g4e2byJYN:uFjOg3Q511Km5omeS
Static task: static1
Behavioral task: behavioral1
  Sample: 9ae11d65b395971a284fc936690c5d1dfd035332321fba900dfa873c58243283.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 9ae11d65b395971a284fc936690c5d1dfd035332321fba900dfa873c58243283.exe
  Resource: win10v2004-20240221-en
Malware Config
Targets
Target: 9ae11d65b395971a284fc936690c5d1dfd035332321fba900dfa873c58243283.exe
Size: 101KB
MD5: 19046ffd0a7a3365ba8e5b464bba149b
SHA1: 66ce137113ada0844a916252f0e456d06cf906c1
SHA256: 9ae11d65b395971a284fc936690c5d1dfd035332321fba900dfa873c58243283
SHA512: 639f852a4665bb80271f10e1c60e5fd6046c556aaaa5c6e9e5cbfb43552ce2d7d4d4df03c15d51ecd28f25845e71a1ee60dc49a6fd76a6b468abfb6e153a2fed
SSDEEP: 3072:z2NFei6thiKp+Ag3Q5JMUXFKJUHL5typ2g4e2byJYN:uFjOg3Q511Km5omeS
Score: 10/10
- Detects LgoogLoader payload
- LgoogLoader: A downloader capable of dropping and executing other malware families.
- Contacts a large (5063) amount of remote hosts: This may indicate a network scan to discover remotely running services.
- Detects Windows executables referencing non-Windows User-Agents
- Detects executables packed with or use KoiVM
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Creates a large amount of network flows: This may indicate a network scan to discover remotely running services.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (3)
    Disable or Modify Tools (3)
  Modify Registry (5)
  Scripting (1)
  Subvert Trust Controls (1)
    Install Root Certificate (1)