General

  • Target

    44baa120c32e2bbe83d9c1b1f8b2cc269e1e18c53efd08a648bf068ccef3153e.bat

  • Size

    330KB

  • Sample

    240529-q5nddsgd6s

  • MD5

    54c448c9e570016b04f3f297447b3504

  • SHA1

    6e0470f78a958153b513301505ff9379a2a625a0

  • SHA256

    44baa120c32e2bbe83d9c1b1f8b2cc269e1e18c53efd08a648bf068ccef3153e

  • SHA512

    a5bd205f446a3a04fe753a58983c8df7a468c9b90966c07339f1eb8d36b3ced1975660e102b15fc83b65e3794c8ffb6d40ff74f8a94c1ae8e33ffa0b4599fad6

  • SSDEEP

    6144:qjP2m4Zg7LMk5EB11YdkawH8vlP+JamAtdQbCEk+ajFbkDUJEc+cEPMPonbK0v/b:qSm6g7LL6L/1HklP+szy+Fbkk5xwMAn7

Malware Config

Targets

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell with the display window hidden.

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

MITRE ATT&CK Enterprise v15

Tasks