General

  • Target

    ca62040f61d63d23a522a476ee8aeeec

  • Size

    171KB

  • Sample

    240315-d572ksfd7s

  • MD5

    ca62040f61d63d23a522a476ee8aeeec

  • SHA1

    462fce2be4bbead0a77fe064a483d50783ceaafe

  • SHA256

    73df551a2f02724c553c34b0d5ee63774b12378f1aaa4f440efd05ec23af3c73

  • SHA512

    1658a43316d5174092292ed75a0a087778b2b1ec1ac176bec4a2fea977e8bfe59c0c12079e9354dadc5479c9506df43e6bafdc35c0701cb2eee8ef09a7e4d48c

  • SSDEEP

    3072:oPhrcIwCBrYtZSb5XNGyyrTcmsyMoecjIDKZg1CCx5R3T6d1Pt:CrcEVrb4Pc4IDKeCE51m

Malware Config

Targets

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
