General

  • Target

    b2597a84cba40b017e7f3ee56ddafd25

  • Size

    5.7MB

  • Sample

    240304-rp3zksdd44

  • MD5

    b2597a84cba40b017e7f3ee56ddafd25

  • SHA1

    6d135c522a28cb812588154c452cf4718644bb08

  • SHA256

    317ea77e59c6c307f2a2d92f16cdb0d16a6435f49540131791480d350b2147fd

  • SHA512

    74a438b8158e56afee0a4d4924484f82bdbfcb4dace22082db8c484c799657b05b63a0bb6a6c5d43717042801fe893018f86fe0090ac9ca87501c47ad4453f05

  • SSDEEP

    49152:PHe/HeyHe/HeeHe/HeyHe/HesHe/HeyHe/HeeHe/HeyHe/Heqlbti:PcDcncDcrcDcncDcHl8

Score
10/10

Targets

    • Target

      b2597a84cba40b017e7f3ee56ddafd25

    Score
    10/10
    • Modifies visibility of file extensions in Explorer

    • Modifies visibility of hidden/system files in Explorer

    • Adds policy Run key to start application

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
