Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Loader 2CH...TS.exe

windows7-x64

10

Loader 2CH...TS.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    503b857e7ef2013d1dccbf4dacdd6ac9_JaffaCakes118

  • Size

    528KB

  • Sample

    240517-s42whaee7s

  • MD5

    503b857e7ef2013d1dccbf4dacdd6ac9

  • SHA1

    6ab4b0b3a68917551ce4ae3f9613fe78db0c7a8a

  • SHA256

    6dc4a97d43627b62cb3d7cebb0f484cd7a44662f8552151e6ab4be2cb7af434e

  • SHA512

    4d1a7ca8af56a45a53836fa4ce62425403326450faed8bf47bb180b9d4d75948058a798de283f8925869f12b5a9b2c7329f14a520b28a7101e4545d0028cceac

  • SSDEEP

    12288:S3jcukEuVGQftBFNSr32T7n7ICXGb6W3mTPud:10rQfDE2jIo+mPud

Score
10/10
execution

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://goo.gl/RQ1BY2

Targets

    • Target

      Loader 2CHETS/Loader 2CHETS.exe

    • Size

      742KB

    • MD5

      27444b817650f6870eac33f757a23c8e

    • SHA1

      7f6dc32a6334a12255f71aa2bcef9952a369c705

    • SHA256

      c1070ea8eedb617d154ac558141d58a7b18577fc7b2af12cdcc958e3e5fa1af9

    • SHA512

      20291b56c78dad90692e971fb2a9e02308f6725ff2adc87235ea60a7e01076b089caa274188f08a45974de9005dd4f11a917a6a279b8dd6ec80bd0ffe1704431

    • SSDEEP

      12288:34nZVJNVNQjSYxuw7jM9HSGZprjKhBvYpriE2ApW8k9uR53q:IZV9NQRxuw7g9BuhWprZ48k9uR0

    Score
    10/10
    execution

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks