General
-
Target
44baa120c32e2bbe83d9c1b1f8b2cc269e1e18c53efd08a648bf068ccef3153e.bat
-
Size
330KB
-
Sample
240529-q5nddsgd6s
-
MD5
54c448c9e570016b04f3f297447b3504
-
SHA1
6e0470f78a958153b513301505ff9379a2a625a0
-
SHA256
44baa120c32e2bbe83d9c1b1f8b2cc269e1e18c53efd08a648bf068ccef3153e
-
SHA512
a5bd205f446a3a04fe753a58983c8df7a468c9b90966c07339f1eb8d36b3ced1975660e102b15fc83b65e3794c8ffb6d40ff74f8a94c1ae8e33ffa0b4599fad6
-
SSDEEP
6144:qjP2m4Zg7LMk5EB11YdkawH8vlP+JamAtdQbCEk+ajFbkDUJEc+cEPMPonbK0v/b:qSm6g7LL6L/1HklP+szy+Fbkk5xwMAn7
Static task
static1
Behavioral task
behavioral1
Sample
44baa120c32e2bbe83d9c1b1f8b2cc269e1e18c53efd08a648bf068ccef3153e.bat
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
44baa120c32e2bbe83d9c1b1f8b2cc269e1e18c53efd08a648bf068ccef3153e.bat
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
44baa120c32e2bbe83d9c1b1f8b2cc269e1e18c53efd08a648bf068ccef3153e.bat
Score
8/10
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-