General

  • Target: 2d8905910a47b8b966165381193331c86b51446540585927701cfff7ff36ec07.lnk
  • Size: 40KB
  • Sample: 240601-bh1mwacc61
  • MD5: 5056bcf2c4a723fb01fa6b136f8035b8
  • SHA1: 595a4292dd04ebb2b41f3503b163728f4dfceba3
  • SHA256: 2d8905910a47b8b966165381193331c86b51446540585927701cfff7ff36ec07
  • SHA512: eafb0fc7f608fbdc9fad95e4f26ef5f5b6cb25785460605057b7a0df02e4afa38ddc26bd971dda62faf8b60e95bed5bdafc585948f0e2357aab3b9475fb7bace
  • SSDEEP: 12:8MFm/3BVSXvk44X3ojsqzKtnWNm3cW+UcCsvXLCKeXCf/DWKDiN33YlNPeVnI:8l/BHYVKVWqV+/CW7C7Sf/naHKPeFI

Score
10/10

Malware Config

Extracted

  • Language: hta
  • Source: hta.dropper
  • URLs: http://198.23.201.89/warm/quote.hta

Targets

    • Target: 2d8905910a47b8b966165381193331c86b51446540585927701cfff7ff36ec07.lnk (40KB; hashes and score 10/10 as listed under General above)

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Command and Scripting Interpreter: PowerShell

      Start PowerShell.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks