Resubmissions
30/05/2024, 20:32
240530-zblgdahd7x 10
General
Target: tthyperRuntimedhcpSvc.exe
Size: 1.5MB
Sample: 240530-zblgdahd7x
MD5: 7a4073a468cf2d6ae2836893f467c81d
SHA1: ff54a200d4f6a1a696182f2cfde6e735b2580f37
SHA256: af6a3a206daa66c291daac3dc17f29dd7d0e1504a92b6346b5c5fa252dcc3ef5
SHA512: 8df794241d4162850b5243b0844b3818a6ff010f2dda65bdae3a88a69e6f368c700c81997d781568652cb3b42ec98bd5d25ba86fec7d3b7a5856d459dba3bdd5
SSDEEP: 24576:6Rcf6gYLRV8nJ4BMFvJw184tEAXQKQq6i0c:6cyloWgvJw1Zsi
Static task
static1
Behavioral task
behavioral1
Sample
tthyperRuntimedhcpSvc.exe
Resource
win7-20240419-en
Malware Config
Targets
Target
tthyperRuntimedhcpSvc.exe
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-