Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

file.exe

windows7-x64

7

file.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    2.5MB

  • Sample

    240405-rcnzwsea2x

  • MD5

    6ee8535bb232fe000b49153b670a1803

  • SHA1

    f614e5e362ea0f85f8938e337591c210831db32f

  • SHA256

    c41c07c2d1e2fd62641eba007673cfcd56bdc30a4e608e43656805db673b151f

  • SHA512

    859a1e0a60075e13e9c84ab976758f78f1019aa5d8bda7137bd5efc92bf677e7c01d285087724d11f04bccbf707d490719abb52c22fa97c688a108b971ea54fd

  • SSDEEP

    49152:YImcWL9IPguCKmUIZ79ecM8Cmh2HL7dGfCybeiFkq4nF3SbYN2Y:YH9fF79bMbQExGf5eiFL4nF3Sbi

Score
7/10
spywarestealervmprotect

Malware Config

Targets

    • Target

      file.exe

    • Size

      2.5MB

    • MD5

      6ee8535bb232fe000b49153b670a1803

    • SHA1

      f614e5e362ea0f85f8938e337591c210831db32f

    • SHA256

      c41c07c2d1e2fd62641eba007673cfcd56bdc30a4e608e43656805db673b151f

    • SHA512

      859a1e0a60075e13e9c84ab976758f78f1019aa5d8bda7137bd5efc92bf677e7c01d285087724d11f04bccbf707d490719abb52c22fa97c688a108b971ea54fd

    • SSDEEP

      49152:YImcWL9IPguCKmUIZ79ecM8Cmh2HL7dGfCybeiFkq4nF3SbYN2Y:YH9fF79bMbQExGf5eiFL4nF3Sbi

    Score
    7/10
    spywarestealervmprotect

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks