General

  • Target

    Invoice.pdf.lnk

  • Size

    148KB

  • Sample

    240508-sbqmrscc95

  • MD5

    12e2b5c70cc7ba659226a376dc3cc039

  • SHA1

    08f338109566d47a2c0b91e071fabc6781cbd167

  • SHA256

    31c7a17e9f518c9f55ecfaa428e069d9fc1c820c74ed53392bc1b219915438b3

  • SHA512

    b1e451265e4409ab4c1492ee5ca903b444d22604b8f0860bbf949107c92ee952f4fd94535116a202579ab75c12860657cb123d6371d1f54d39409c48b82ead31

  • SSDEEP

    24:8WEe6Dz358m+pyAWkr+/4zc+8PxZvBT0qdd79ds/Z6U/ab9Q9qFBm:8WENDzKvbc7nvBT7dJ9A6U/a5QW

Score
10/10

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

https://invoiceinformations.com/InvoiceInfo/EvernoteInvoice

Targets

    • Target

      Invoice.pdf.lnk

    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory
