Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    setup查看6034.exe

  • Size

    6.8MB

  • Sample

    240512-p2s9ssfe2w

  • MD5

    2eabce945bbcc58ed47b9da723a7f594

  • SHA1

    cf586b8c68c13782fae65295567ce62e4dbeef3b

  • SHA256

    191b71de6de80fa56d2f9337dad82638a7959acc21ca4030e710cd373342efc1

  • SHA512

    3a468455b67e7ae9337a0bfddca748c17b5e5d23ff517d6a3fbfb0cc7bc5a0ced99b1949d4eba9498978748a63e1cd1c5cd02d50a31baa72ef3ecd75423f8838

  • SSDEEP

    98304:JEls3ZNnKgs4B5EajCA8vFc3DgrNa7hIMeTApZnNYDBKA9JUkA8e9129zXcZH7Y0:Wls3fTWtWveI9aDBtA4eczsZHhv1Kuxx

Malware Config

Targets

    • Target

      setup查看6034.exe

    • Size

      6.8MB

    • MD5

      2eabce945bbcc58ed47b9da723a7f594

    • SHA1

      cf586b8c68c13782fae65295567ce62e4dbeef3b

    • SHA256

      191b71de6de80fa56d2f9337dad82638a7959acc21ca4030e710cd373342efc1

    • SHA512

      3a468455b67e7ae9337a0bfddca748c17b5e5d23ff517d6a3fbfb0cc7bc5a0ced99b1949d4eba9498978748a63e1cd1c5cd02d50a31baa72ef3ecd75423f8838

    • SSDEEP

      98304:JEls3ZNnKgs4B5EajCA8vFc3DgrNa7hIMeTApZnNYDBKA9JUkA8e9129zXcZH7Y0:Wls3fTWtWveI9aDBtA4eczsZHhv1Kuxx

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks