Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

39961846fd...3f.exe

windows7-x64

10

39961846fd...3f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    39961846fd6cbd3fee80abc78b0cc489964dceb9c77197608f4fbdb16316d73f

  • Size

    2.5MB

  • Sample

    240408-y5sl4seb6v

  • MD5

    eca95fbb69ab3ba58f0f535c0e481d67

  • SHA1

    82f2092667e20ef4992d13a428102d64176b4b9e

  • SHA256

    39961846fd6cbd3fee80abc78b0cc489964dceb9c77197608f4fbdb16316d73f

  • SHA512

    3646cf1f9a1fcd854f4ad63ce1bcd451319efd27c21255279add937a9060f32c15d944aa8b4df1712bcf600703614c66c57144061ac09afd4bbec89a4612e3ff

  • SSDEEP

    49152:vhDZlDTeHumcu6x06hZJYtF2EGvxyhXQu8GqbilpEVWi26kAdSNl:ZVlExGT2tF2rCXrVlScJAoz

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    ftp.tripod.com
  • Port:
    21
  • Username:
    onthelinux
  • Password:
    741852abc

Targets

    • Target

      39961846fd6cbd3fee80abc78b0cc489964dceb9c77197608f4fbdb16316d73f

    • Size

      2.5MB

    • MD5

      eca95fbb69ab3ba58f0f535c0e481d67

    • SHA1

      82f2092667e20ef4992d13a428102d64176b4b9e

    • SHA256

      39961846fd6cbd3fee80abc78b0cc489964dceb9c77197608f4fbdb16316d73f

    • SHA512

      3646cf1f9a1fcd854f4ad63ce1bcd451319efd27c21255279add937a9060f32c15d944aa8b4df1712bcf600703614c66c57144061ac09afd4bbec89a4612e3ff

    • SSDEEP

      49152:vhDZlDTeHumcu6x06hZJYtF2EGvxyhXQu8GqbilpEVWi26kAdSNl:ZVlExGT2tF2rCXrVlScJAoz

    Score
    10/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks