Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
Target: 026855ec0e8786cfb946a1c5f858190afc566b6f14d310fe37780c0ebe1e8608.exe
Size: 2.4MB
Sample: 240406-bc7t1age63
MD5: f5ae4fdb7579db408cc119c7df5ba699
SHA1: 7119c29754409ab879eae0548c3c24395c27e16e
SHA256: 026855ec0e8786cfb946a1c5f858190afc566b6f14d310fe37780c0ebe1e8608
SHA512: 445d2a66100af7a1b7f85e8cb0f6c06af0ae436d514d818c102f81ffa4e92984353f0635d1aa7121e832efda642d4843e0d87e84819144dd356c9ffe99bcfb5f
SSDEEP: 49152:MajGm3M0mm2dUE5qMsS5SeBtvGz68gNR0T3vRs+1FXclTbVzi:Maj1vmm0fsSQm8OA3vRLbclTbVW
Static task: static1
Behavioral task: behavioral1, sample 026855ec0e8786cfb946a1c5f858190afc566b6f14d310fe37780c0ebe1e8608.exe, resource win7-20240220-en
Behavioral task: behavioral2, sample 026855ec0e8786cfb946a1c5f858190afc566b6f14d310fe37780c0ebe1e8608.exe, resource win10v2004-20240226-en
Malware Config
Targets
Target: 026855ec0e8786cfb946a1c5f858190afc566b6f14d310fe37780c0ebe1e8608.exe (2.4MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Detects executables manipulated with Fody
- Detects executables packed with an unregistered version of .NET Reactor
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Creates new service(s)
- Downloads MZ/PE file
- Stops running service(s)
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
- Power Settings
  powercfg controls all configurable power settings on a Windows system and can be abused to keep an infected host from locking, sleeping or shutting down.
- Suspicious use of NtSetInformationThreadHideFromDebugger
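Three of the signatures above are command-line behaviours a detection engineer can hunt for directly: PowerShell adding Defender exclusions, command obfuscation, and powercfg zeroing power timeouts. The following is an added example (not part of the tria.ge report or the sample's own code) that runs those three checks over process-creation records in the shape of Sysmon Event ID 1 (`Image`, `CommandLine`). The records are constructed for illustration, not taken from the sandbox run, and the regexes are deliberately narrow starting points rather than a complete rule set. The obfuscation handling covers only what the page describes at token level (backtick escapes, mixed case, `-EncodedCommand`); string concatenation or `Invoke-Expression` chains are out of scope.

```python
"""Hunt for PowerShell Defender-exclusion changes (with cheap obfuscation
undone first) and powercfg timeout zeroing in Sysmon Event ID 1 style
process-creation records. Example code added to this page; not part of
the tria.ge report."""
import base64
import re
from typing import Dict, List, Optional, Tuple

# powershell.exe accepts -e, -ec, -enc and -EncodedCommand, each followed
# by base64 of a UTF-16LE script.
_ENCODED_RE = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{8,})", re.I)

# Add-MpPreference / Set-MpPreference with any -Exclusion* parameter
# (-ExclusionPath, -ExclusionExtension, -ExclusionProcess, ...).
_EXCLUSION_RE = re.compile(r"\b(?:add|set)-mppreference\b.*?-exclusion\w*")

# powercfg /x|/change (or -x|-change) <monitor|disk|standby|hibernate>-timeout-<ac|dc> 0
# A timeout of 0 means "never", which keeps the host from sleeping or locking.
_POWERCFG_RE = re.compile(
    r'powercfg(?:\.exe)?"?\s+[/-](?:x|change)\s+-?'
    r"(?:monitor|disk|standby|hibernate)-timeout-(?:ac|dc)\s+0\b"
)


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the script carried by -EncodedCommand, or None if absent/invalid."""
    m = _ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def normalize_powershell(cmdline: str) -> Tuple[str, bool]:
    """Undo token-level obfuscation so the regexes see real cmdlet names:
    decode -EncodedCommand, drop backtick escapes (aDd-Mp`Pref`erence),
    fold case and collapse whitespace. Returns (normalized, obfuscation_seen)."""
    text, obfuscated = cmdline, False
    decoded = decode_encoded_command(text)
    if decoded is not None:
        text = f"{text} {decoded}"  # keep the wrapper flags and the payload
        obfuscated = True
    if "`" in text:
        text = text.replace("`", "")
        obfuscated = True
    return re.sub(r"\s+", " ", text).lower(), obfuscated


def classify(event: Dict[str, str]) -> List[str]:
    """Return the names of the behaviours seen in one process-creation record."""
    hits: List[str] = []
    image = event.get("Image", "").lower()
    cmd, obfuscated = normalize_powershell(event.get("CommandLine", ""))
    if image.endswith(("powershell.exe", "pwsh.exe")) or "powershell" in cmd:
        if _EXCLUSION_RE.search(cmd):
            hits.append("defender_exclusion_added")
        if obfuscated:
            hits.append("command_obfuscation")
    if _POWERCFG_RE.search(cmd):  # also catches cmd.exe /c "powercfg ..."
        hits.append("powercfg_timeouts_zeroed")
    return hits


def hunt(events: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Map each record's id to the detections that fired on it."""
    return {e["id"]: classify(e) for e in events}


# Constructed sample records (not from the sandbox run); only the fields the
# detections read are included.
_PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
_ENCODED = base64.b64encode(
    r"Set-MpPreference -ExclusionPath C:\Users\Public".encode("utf-16-le")
).decode("ascii")
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"id": "ps-plain", "Image": _PS, "CommandLine":
     r'''"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoP -W Hidden -c "Add-MpPreference -ExclusionPath 'C:\ProgramData\svc' -ExclusionExtension '.exe'"'''},
    {"id": "ps-backtick", "Image": _PS, "CommandLine":
     r'''powershell.exe -nop -c "aDd-Mp`Pref`erence -ExclusionProcess 'svchost.exe'"'''},
    {"id": "ps-encoded", "Image": _PS, "CommandLine":
     f"powershell.exe -NoProfile -ExecutionPolicy Bypass -enc {_ENCODED}"},
    {"id": "powercfg-direct", "Image": r"C:\Windows\System32\powercfg.exe",
     "CommandLine": "powercfg.exe /x standby-timeout-ac 0"},
    {"id": "powercfg-via-cmd", "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'cmd.exe /c "powercfg -change -hibernate-timeout-dc 0 & powercfg -x -monitor-timeout-ac 0"'},
    {"id": "benign-ps", "Image": _PS, "CommandLine": "powershell.exe -c Get-MpPreference"},
    {"id": "benign-powercfg", "Image": r"C:\Windows\System32\powercfg.exe", "CommandLine": "powercfg.exe /list"},
]

if __name__ == "__main__":
    for event_id, hits in hunt(SAMPLE_EVENTS).items():
        print(f"{event_id:18} {', '.join(hits) or '-'}")
```

`command_obfuscation` fires on any backtick or `-EncodedCommand` use by PowerShell, which is noisy on its own in environments where administrators script with encoded commands; the exclusion and powercfg detections are the high-signal ones, and the obfuscation flag is most useful as corroboration when it fires alongside them, as it does in the sample.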
MITRE ATT&CK Enterprise v15 (numbers in parentheses are the report's per-technique hit counts)
Execution
- Command and Scripting Interpreter (1): PowerShell (1)
- Scheduled Task/Job (1): Scheduled Task (1)
- System Services (2): Service Execution (2)
Persistence
- Create or Modify System Process (2): Windows Service (2)
- Power Settings (1)
- Scheduled Task/Job (1): Scheduled Task (1)
Privilege Escalation
- Create or Modify System Process (2): Windows Service (2)
- Scheduled Task/Job (1): Scheduled Task (1)
Defense Evasion
- Impair Defenses (1)
- Obfuscated Files or Information (1): Command Obfuscation (1)