General

  • Target

    update1503.zip

  • Size

    6.1MB

  • Sample

    240407-xwxn2acc89

  • MD5

    562641cdab1e0e53695e5f211bd0c7c1

  • SHA1

    f81697bf8852e070513549697dff9a46d705126d

  • SHA256

    516ca1c34949d486ab72f17515cfdad238b126a043dda0d3322f00510480ce69

  • SHA512

    c2bb6f2b5ebfb6dd2662447a21f7cdf199fd525dbcd4da634bb87ee5774500d2ab0c895878ee19dd6a328c4f2a49df402981d6dfc65682204d10f8d888ef9b02

  • SSDEEP

    196608:KjjYL4z4wAm1NF4giTydlxdE9Z8N18ytRdAzLAscQ:nIWklxduSN18ytRdAzL7V

Targets

    • Target

      update1503.exe

    • Size

      18.1MB

    • MD5

      7e89dc94745e89b44c0704984be4f377

    • SHA1

      d9649264edce63459bf213a473ecb00a40995f02

    • SHA256

      2368a83abc6a6b318c11cdf1da7df23529c003160ac5ea68b3c31e47b9194d56

    • SHA512

      f562d29c75b7f52ed937decbca9afd3600b30a981b79a92d8a9eb199656ce526909831dba0c6fd3ff21cc5dc2587a18b07d52a316bdff8d63edb0251a96714da

    • SSDEEP

      98304:dpYLJ+vH4hKsfBXkvI9CrxARczIjj7pN3fMrb1HpQEdOaYvpXyJZhk:dqXfBXkBrxwcEX7pBfMrb1HppdJ

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
