General

  • Target

    15ce9e885610d5b85500ea0d139f6d21.bin

  • Size

    381KB

  • Sample

    240422-bd1gbadf2w

  • MD5

    b11ace65ca5b584ecfd1085afadb3542

  • SHA1

    57f6381e19e12ed3b3c9a5f7a12799887590753f

  • SHA256

    472216912d2c889258b522d08fb95134bbe6d682e357524a2e092590cae37263

  • SHA512

    0509ee990feea75f7af0e3478df9fa8e2704ba617ab3d588fef0def9ffeed87b193d07e5f86800775a34b63788186611886105f5b1f337af917e0c876ccce29f

  • SSDEEP

    6144:jlpOm9oi6nU58miGLy/mwfBi521k5ZMOTgCEsJpu/meqZb3lHPU/r+QWpDQqeYUC:jlQm2Uumi0y/LfW4kj0Upu/6JgEAvGUk

Score
10/10

Malware Config

Targets

    • Target

      95442c887f47bbb4b350fca87c45dc6ef95355ce86a63d7c2f50db2d92ae512e.exe

    • Size

      404KB

    • MD5

      15ce9e885610d5b85500ea0d139f6d21

    • SHA1

      99f1392185a70453f33e15d6f5b75064217c2c18

    • SHA256

      95442c887f47bbb4b350fca87c45dc6ef95355ce86a63d7c2f50db2d92ae512e

    • SHA512

      9ee8e3fb682cf7abb5804106f841551f2f0fd8ace9842e67f3bda573772d39a6482d19e853de5a9a48d177350a3398cb814105ced01fdfb1be6db7e8bc9055b9

    • SSDEEP

      6144:/IJTLRoSz47P8DiLdwXQIPcnEPjj9tQPBBpRPZi9opzUeqcnoKPcmPuJkJ:wlRoSz4j8DM6gIxfUP+2Ye9oCcmf

    Score
    10/10

    • UAC bypass

    • Windows security bypass

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Windows security modification

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks