General
Target: data.zip
Size: 10.8MB
Sample: 240531-ld84kaea98
MD5: 8ea074efe07c07d6834ea04cb0bf5ca1
SHA1: 7742970b6595aa264e6fe55663601a26863fe11e
SHA256: e48a054af8fe17bc433eed4534b0ff83d53286787c76a1eabab85240adca4459
SHA512: f04b623d67fb81ff57eb0562ea992bc499cfd64e8436531f4cb5308a4bb8d7f8fd6b01e46bd0065aab527a04090eb02fdfbf0c90588a506834af172d54a6ac1f
SSDEEP: 196608:wuLlaEeW9gYGb+IzUAi/U1+v01I8gCdvYBohclzqb+IXcAwy3CH5dxH8rUbGJgB9:fLIbWHGhO/UYcngcwOhclzEj7GHCgB5T
Static task: static1
Behavioral task: behavioral1
Sample: data.zip
Resource: win10v2004-20240508-ja
Malware Config
Extracted
lumma
https://grazeinnocenttyyek.shop/api
https://horsedwollfedrwos.shop/api
https://patternapplauderw.shop/api
https://understanndtytonyguw.shop/api
https://considerrycurrentyws.shop/api
https://messtimetabledkolvk.shop/api
https://detailbaconroollyws.shop/api
https://deprivedrinkyfaiir.shop/api
https://relaxtionflouwerwi.shop/api
Targets
Target: data.zip (10.8MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Signatures:
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Registers COM server for autorun
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Checks system information in the registry: system information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2): Registry Run Keys / Startup Folder (2)
- Event Triggered Execution (1): Change Default File Association (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2): Registry Run Keys / Startup Folder (2)
- Event Triggered Execution (1): Change Default File Association (1)