General

  • Target

    c01b52dfca6d9a81e3b18d6cad0d2f803ecc9b23b9dd8cfe48fbdf1df7c68922.exe

  • Size

    29KB

  • Sample

    240312-dmrlwaef4s

  • MD5

    ba9855a21f4aafb56b2948fa0411ef95

  • SHA1

    8be5e63aa2a2b2d1fb849de9f45de87d35d0d4b9

  • SHA256

    c01b52dfca6d9a81e3b18d6cad0d2f803ecc9b23b9dd8cfe48fbdf1df7c68922

  • SHA512

    ef04b3db052f49ab19afc4e06a0fc16bfd4b9fd85ccf49a6fbdeeddd0be34489b76ec5843f39ca21e019f1e4f329b1224e1fd211a87a5873491e3ab2bfd61260

  • SSDEEP

    384:uAs+IKyt872iSzG3X7/DVl32f6L4wzz3GDC/OJam3Af+EXZlv/wprkjb4JleG+r/:1sbPwDDSSswScK3Q+EXsg4JloB

Malware Config

Targets

    • UAC bypass

    • Windows security bypass

    • Contacts a large number (4270) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Detects executables packed with or using KoiVM

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Windows security modification

    • Checks whether UAC is enabled

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks