General

Target: SSCosmetics (2).exe
Size: 252KB
Sample: 240407-wzdjwsah2s
MD5: f278e2fb4010c8403c00cf988354a0fd
SHA1: 3c1c63f2f6678cc55deda531413674c9f4b090cf
SHA256: 1fd1e3eceac872dffbc901adfba60312f30068884c2ef3ae8f15d6ce6f7aa474
SHA512: 85257af5832cb33de94d80544720ae91f2060b63513ddfac9698637531a5c1049dd37c22416fd0d624e6430be2f0c03d436ef4009cb2cab91c087169723da0b9
SSDEEP: 6144:ZHU8VKT4OTtspISTvlnJjG02iyGE31i9bqKTaucqW:e8VlO5oISblnJjGjiyGSZkau8
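Before trusting any of the behaviour below for a file you hold locally, confirm it is byte-for-byte the same sample the sandbox ran. The script here is an added example (not tria.ge's code): it streams the file once through MD5, SHA-1, SHA-256 and SHA-512 and compares the digests with the values printed in the General section. SSDEEP is deliberately left out because hashlib has no fuzzy-hash implementation; the file path on the command line and the `hash_bytes` helper used for offline checking are assumptions of this example.

```python
"""Verify a local copy of the sample against the report's digests.

Added example, not tria.ge code. REPORT_HASHES are the values from the
General section above; everything else (CLI, helper names) is assumed.
"""
import hashlib
import sys

REPORT_HASHES = {
    "md5": "f278e2fb4010c8403c00cf988354a0fd",
    "sha1": "3c1c63f2f6678cc55deda531413674c9f4b090cf",
    "sha256": "1fd1e3eceac872dffbc901adfba60312f30068884c2ef3ae8f15d6ce6f7aa474",
    "sha512": "85257af5832cb33de94d80544720ae91f2060b63513ddfac9698637531a5c1049"
              "dd37c22416fd0d624e6430be2f0c03d436ef4009cb2cab91c087169723da0b9",
}
ALGORITHMS = tuple(REPORT_HASHES)


def hash_stream(chunks):
    """Feed an iterable of byte chunks through every algorithm in one pass."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def hash_bytes(data):
    """Digest an in-memory blob (used for offline checks of this script)."""
    return hash_stream([data])


def hash_file(path, chunk_size=1 << 20):
    """Digest a file without loading it whole; samples can be large."""
    with open(path, "rb") as f:
        return hash_stream(iter(lambda: f.read(chunk_size), b""))


def compare(actual, expected):
    """Return {alg: (actual, expected)} for each digest that differs.

    Comparison is case-insensitive because tools print hex in either case.
    """
    return {
        alg: (actual.get(alg, ""), expected[alg])
        for alg in expected
        if actual.get(alg, "").lower() != expected[alg].lower()
    }


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: verify_sample.py <path to the local copy of the sample>")
    mismatches = compare(hash_file(sys.argv[1]), REPORT_HASHES)
    for alg, (got, want) in mismatches.items():
        print(f"{alg}: MISMATCH got {got} want {want}")
    if mismatches:
        sys.exit(1)
    print("all digests match the report")
```

A single mismatching digest is enough to reject the file: a sample that differs by even one byte (a re-packed build, a stripped overlay, a different configuration blob) can behave differently from what the sandbox recorded.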
Static task: static1

Behavioral task: behavioral1
  Sample: SSCosmetics (2).exe
  Resource: win10v2004-20240226-en
Malware Config

Targets

Target: SSCosmetics (2).exe (the same file as in General: 252KB, SHA256 1fd1e3eceac872dffbc901adfba60312f30068884c2ef3ae8f15d6ce6f7aa474; the remaining digests are identical to those listed there)
Score: 10/10

Contains code to disable Windows Defender
  A .NET executable that turns off Windows Defender capabilities such as real-time monitoring and block-at-first-seen (the cloud-backed blocking of files Defender has not seen before).

Checks computer location settings
  Reads the country code configured in the registry, most likely as a geofence so the payload behaves differently depending on the victim's configured country.

Drops startup file

Executes dropped EXE

Adds Run key to start application
  Persistence: a value under a Run registry key relaunches the application at logon.

Looks up external IP address via web service
  Uses a legitimate IP lookup service to learn the infected system's external IP address.

Suspicious use of SetThreadContext
  Calling SetThreadContext on a thread of another process is the usual final step of process hollowing and similar remote code injection, where a suspended process's entry point is redirected into injected code.
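The three host-side traces an incident responder can check for after this sample has run are the Defender policy values it disables, the Run-key entry it adds, and the registry location it reads for the geofence. The script below is an added example, not tria.ge's or the sample's code. It separates collection from decision: `assess()` works on a plain snapshot dict, so the logic can be exercised offline, and on Windows `collect_snapshot()` fills that dict from the live registry with the standard-library winreg module. The Defender paths are the documented Group Policy locations under HKLM; the Run-key and Geo\Nation paths are the standard ones. The user-writable-directory heuristic for Run entries, the constructed post-infection snapshot and the GeoID 244 (United States) value in it are assumptions of this example, not data from the report.

```python
"""Host triage for Defender tampering, Run-key persistence and the
geofence registry read described in the report above.

Added example, not tria.ge or sample code. Registry paths are the
documented ones; the sample snapshot below is constructed, not observed.
"""
import re
import sys

# Group Policy values that disable a Defender capability when set to 1.
# Subkeys are relative to HKEY_LOCAL_MACHINE.
DISABLE_FLAGS = {
    r"SOFTWARE\Policies\Microsoft\Windows Defender": (
        "DisableAntiSpyware",),
    r"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection": (
        "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
        "DisableOnAccessProtection", "DisableIOAVProtection"),
    r"SOFTWARE\Policies\Microsoft\Windows Defender\Spynet": (
        "DisableBlockAtFirstSeen",),
}
# Cloud-protection values whose "off" state is a specific value, not 1.
SPYNET = r"SOFTWARE\Policies\Microsoft\Windows Defender\Spynet"
CLOUD_OFF = {"SpynetReporting": 0, "SubmitSamplesConsent": 2}

RUN_KEYS = (
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
)
GEO_KEY = ("HKCU", r"Control Panel\International\Geo")  # value "Nation" = GeoID

# Heuristic (assumption): a Run entry launching from a directory an
# unprivileged process can write to is the usual shape of dropped-file
# persistence; entries under Program Files / Windows are left alone.
USER_WRITABLE = re.compile(r"\\AppData\\|\\Temp\\|\\Users\\Public\\|\\ProgramData\\", re.I)


def assess(snapshot):
    """snapshot: {(hive, subkey): {value_name: data}} -> list of findings."""
    findings = []
    for subkey, names in DISABLE_FLAGS.items():
        values = snapshot.get(("HKLM", subkey), {})
        for name in names:
            if values.get(name) == 1:
                findings.append(f"defender: {name}=1 under HKLM\\{subkey}")
    spynet = snapshot.get(("HKLM", SPYNET), {})
    for name, off in CLOUD_OFF.items():
        if spynet.get(name) == off:
            findings.append(f"defender: {name}={off} (cloud protection off)")
    for hive, subkey in RUN_KEYS:
        for name, cmd in snapshot.get((hive, subkey), {}).items():
            if isinstance(cmd, str) and USER_WRITABLE.search(cmd):
                findings.append(f"persistence: {hive} Run\\{name} -> {cmd}")
    geo = snapshot.get(GEO_KEY, {}).get("Nation")
    if geo is not None:
        findings.append(f"geofence input: Geo\\Nation GeoID={geo}")
    return findings


def collect_snapshot():
    """Read the keys above from the live registry (Windows only)."""
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    wanted = ([("HKLM", k) for k in DISABLE_FLAGS] + [("HKLM", SPYNET)]
              + list(RUN_KEYS) + [GEO_KEY])
    snapshot = {}
    for hive, subkey in wanted:
        try:
            with winreg.OpenKey(hives[hive], subkey) as key:
                values, i = {}, 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(key, i)
                    except OSError:
                        break  # no more values
                    values[name] = data
                    i += 1
                snapshot[(hive, subkey)] = values
        except OSError:
            pass  # key absent: nothing is set there, which is the clean state
    return snapshot


# Constructed snapshot resembling a host after a Defender-disabling,
# Run-key-persisting sample has run. Not real data from this report.
SAMPLE_SNAPSHOT = {
    ("HKLM", r"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"): {
        "DisableRealtimeMonitoring": 1},
    ("HKLM", SPYNET): {"DisableBlockAtFirstSeen": 1, "SubmitSamplesConsent": 2},
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"): {
        "OneDrive": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe /background",
        "Updater": r"C:\Users\user\AppData\Roaming\Updater\update.exe"},
    GEO_KEY: {"Nation": "244"},  # assumption: 244 is the GeoID for the United States
}

if __name__ == "__main__":
    snap = collect_snapshot() if sys.platform == "win32" else SAMPLE_SNAPSHOT
    for finding in assess(snap) or ["no findings"]:
        print(finding)
```

On a real host, treat any of the Defender findings as confirmation the sample ran with enough privilege to write HKLM policy, and note that the Geo\Nation line is context rather than an indicator: it is the value the sample reads to decide whether to proceed, so it tells you which side of the geofence the host was on.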