Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
99fe6730862db95a23d5996996d99d55a809390b152bfdc15d617545016cbbe6.zip
-
Size
8.5MB
-
Sample
240430-1kpe3agd3x
-
MD5
1914923016185375510ebe77c41de172
-
SHA1
1526594013143e48da425decb19d7b4d00e85dc1
-
SHA256
99fe6730862db95a23d5996996d99d55a809390b152bfdc15d617545016cbbe6
-
SHA512
31232130dc9cc78e00dc38cf64c664bb2254afe75c14cb12bdc06d1abe207c3c0f06e9b3301f9910a6b1c07b63d73a4c70557286d0e149ccb600639363859bda
-
SSDEEP
196608:Lz1xWKqkGTSOwUDLMpvM4KBCmbhOj+UIs1mkSxCBND3R/:LzDb9Ownp/0lTsUnwND3R/
Static task
static1
Behavioral task
behavioral1
Sample
npp.8.6.3.portable.x64/notepad.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
npp.8.6.3.portable.x64/notepad.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
wikiloader
https://unokodkelas.cl/wp-content/themes/twentytwenty/pttfrp.php?id=1
https://www.judicialconsulting.es/wp-content/themes/hello-elementor/t745ny.php?id=1
https://polarishousingsystems.com/wp-content/themes/twentytwentyfour/qshgfl.php?id=1
https://barliam.com/ph/wp-content/themes/twentytwentythree/plxka3.php?id=1
Targets
-
-
Target
npp.8.6.3.portable.x64/notepad.exe
-
Size
6.9MB
-
MD5
2cd84602fc2428e0db00dbce5e20dc80
-
SHA1
965a62dbba7cbb95b6a7694dc33963ffb105819a
-
SHA256
4e271372528a9b439d99a7376fc1ac9c67884226a2f7bcbe2f68694c80548287
-
SHA512
a6f715224a5e9ffb35833591bdc5cf1b76da479c2a6fd2108d921526708f918e6d5d2e9569c879d1d4c76e4606cdd271364b6f85acd8c811439bd08b61665fd2
-
SSDEEP
98304:QtGdbdZUv5vuLYgtbUK5b8PTnwe65w/mod:Rdbvou8guK52TP6525
Score10/10-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Modifies Installed Components in the registry
-
Suspicious use of NtCreateThreadExHideFromDebugger
-