General
-
Target
cd3e2e5db407027a2e220895e56cea9d
-
Size
1.2MB
-
Sample
240316-f95s5aeh38
-
MD5
cd3e2e5db407027a2e220895e56cea9d
-
SHA1
9b7f73950140ffe44faf303d9f939ffe0e831ca1
-
SHA256
9c9043fc217ad2dffc662e74354280936d9295735ee186db5912ee43db62c8fc
-
SHA512
cb13555db384feaf62c64840d368147f37dc2227f2161782cfaa39a4ab08b2bd910e8ce07ac0f5b4e35ebe8d50ab1c10add111d1a08fb2a17e9cc06a4f25566b
-
SSDEEP
24576:vXSdS7fpASLVbL/9qPmlNqfsOFxibcN0VsNHxz6K6m4:PSd+fqebLwPoJmfNJT2/m4
Static task
static1
Behavioral task
behavioral1
Sample
cd3e2e5db407027a2e220895e56cea9d.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
cd3e2e5db407027a2e220895e56cea9d.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
Score 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-