General

  • Target

    ad9e213371def953f33a43461e9e6630

  • Size

    240KB

  • Sample

    240229-ee99pacg2s

  • MD5

    ad9e213371def953f33a43461e9e6630

  • SHA1

    98fc4e34879ad76ae460f799a14cc7d4ceab109e

  • SHA256

    5feb9bcecc3733f53313b37131391a9679de7cec617aa118c90adb8fa5f6a7a0

  • SHA512

    e5b6554370c8d7cad82979180637511b994d22edf9a24281107917092de5fb60a9804888280dc4bb1050f95d80e23c848619d9902c4f7a0da9bb12a4d9299f2b

  • SSDEEP

    6144:g77v/p3qOZouTiy64tWH0OVxePeazTSIYnz:g7753qOrK9VxePe+Sd

Malware Config

Targets

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks