General

  • Target

    384878ff8e9a05c478c0dd94754ac0da2d8d33fdbb6d51334f0de55e17c0be45

  • Size

    717KB

  • Sample

    240606-1fd4jadd98

  • MD5

    9cb8a4bb063d742711a7dc0cedf4497f

  • SHA1

    5a24cffc87332cdf5e25f6654bfe060e37bcf39e

  • SHA256

    384878ff8e9a05c478c0dd94754ac0da2d8d33fdbb6d51334f0de55e17c0be45

  • SHA512

    d12a2f2adb1cef052d18156973d6c0ca14242c6d62646a34457b498495bd7a283b136ef0cda6a27f53aa2b2b5ac560fba62d520b8f6a2439987d2a35188a387d

  • SSDEEP

    12288:q34O+O4KNr+uX7JqP3y+pSETbo3LJGWwcH3gKxvZOpQIO+o1+VDfh1+Nt6gfMSNv:q3lCuLii+pLWLJFGKxvTIboIVDfj8t6+

Score
8/10

Targets

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext
