General
-
Target
2d8905910a47b8b966165381193331c86b51446540585927701cfff7ff36ec07.lnk
-
Size
40KB
-
Sample
240601-bh1mwacc61
-
MD5
5056bcf2c4a723fb01fa6b136f8035b8
-
SHA1
595a4292dd04ebb2b41f3503b163728f4dfceba3
-
SHA256
2d8905910a47b8b966165381193331c86b51446540585927701cfff7ff36ec07
-
SHA512
eafb0fc7f608fbdc9fad95e4f26ef5f5b6cb25785460605057b7a0df02e4afa38ddc26bd971dda62faf8b60e95bed5bdafc585948f0e2357aab3b9475fb7bace
-
SSDEEP
12:8MFm/3BVSXvk44X3ojsqzKtnWNm3cW+UcCsvXLCKeXCf/DWKDiN33YlNPeVnI:8l/BHYVKVWqV+/CW7C7Sf/naHKPeFI
Static task
static1
Behavioral task
behavioral1
Sample
2d8905910a47b8b966165381193331c86b51446540585927701cfff7ff36ec07.lnk
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2d8905910a47b8b966165381193331c86b51446540585927701cfff7ff36ec07.lnk
Resource
win10v2004-20240426-en
Malware Config
Extracted
http://198.23.201.89/warm/quote.hta
Targets
-
-
Target
2d8905910a47b8b966165381193331c86b51446540585927701cfff7ff36ec07.lnk
Score
10/10
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-