General
Target: Doc.zip
Size: 744B
Sample: 240522-f1lc5add2z
MD5: 34de20fe156557d6d6d0a371f70ec5d5
SHA1: 820a83383b023d71640c159f146bf14bee096d98
SHA256: 204b7ddb7313918dc965ad5335d350ec2457843a66141011ebec50b8ea0e05af
SHA512: 8d0df03876aa820498e2b3664ea4c673d621051b43fcf6bfee3f5e66beedc61e39734a1851013d475a4a902855765e7cfa2cb58d862815af5f518eae8e829633
Static task: static1
Behavioral task: behavioral1
Sample: Doc.lnk
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: Doc.lnk
Resource: win10v2004-20240426-en
Malware Config
Extracted
https://foundationforwomenshealth.com/rooming.hta
Targets
Target: Doc.lnk
Size: 1KB
MD5: 60f1320faf25bc20101c4312f82a72f8
SHA1: a37a8f932db503eed34cbe9aa1db40f63b36fee1
SHA256: bb26c65d29da78c698c19344058832b21593d27f4d89b5118345bb76614a564a
SHA512: 96652e9e0a96545449a260c19d920eb3f1debc879e76f5a594848a28ef165b733ca61fcc75636781289e30cc7e87aae11028ff159a1bdc93a274dbed99f03d07
Score: 10/10
Blocklisted process makes network request
Downloads MZ/PE file
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Suspicious use of SetThreadContext