Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    cd3e2e5db407027a2e220895e56cea9d

  • Size

    1.2MB

  • Sample

    240316-f95s5aeh38

  • MD5

    cd3e2e5db407027a2e220895e56cea9d

  • SHA1

    9b7f73950140ffe44faf303d9f939ffe0e831ca1

  • SHA256

    9c9043fc217ad2dffc662e74354280936d9295735ee186db5912ee43db62c8fc

  • SHA512

    cb13555db384feaf62c64840d368147f37dc2227f2161782cfaa39a4ab08b2bd910e8ce07ac0f5b4e35ebe8d50ab1c10add111d1a08fb2a17e9cc06a4f25566b

  • SSDEEP

    24576:vXSdS7fpASLVbL/9qPmlNqfsOFxibcN0VsNHxz6K6m4:PSd+fqebLwPoJmfNJT2/m4

Malware Config

Targets

    • Target

      cd3e2e5db407027a2e220895e56cea9d

    • Size

      1.2MB

    • MD5

      cd3e2e5db407027a2e220895e56cea9d

    • SHA1

      9b7f73950140ffe44faf303d9f939ffe0e831ca1

    • SHA256

      9c9043fc217ad2dffc662e74354280936d9295735ee186db5912ee43db62c8fc

    • SHA512

      cb13555db384feaf62c64840d368147f37dc2227f2161782cfaa39a4ab08b2bd910e8ce07ac0f5b4e35ebe8d50ab1c10add111d1a08fb2a17e9cc06a4f25566b

    • SSDEEP

      24576:vXSdS7fpASLVbL/9qPmlNqfsOFxibcN0VsNHxz6K6m4:PSd+fqebLwPoJmfNJT2/m4

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks