Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

Update 124...158.js

windows7-x64

10

Update 124...158.js

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    092b5317ed66c3d999ce9ac463a9e794a9b5edd1ca163647b2da96b381cb999d.zip

  • Size

    5.3MB

  • Sample

    240608-bdawnaff87

  • MD5

    51ff059ffef3cb5ac629d7e804eefdd8

  • SHA1

    9207acf17e2663a4c92aeb75f968d38a40c54f9e

  • SHA256

    092b5317ed66c3d999ce9ac463a9e794a9b5edd1ca163647b2da96b381cb999d

  • SHA512

    8ecf0cb35d0f266acbd94265f2f313293ad365f89b0209fa3236b767e7aea64ad5a75b1c3bb608ec86d5a7a032d6ba880fb57976afc631eb8c0fbbced521078f

  • SSDEEP

    98304:R+jXXUiXX08wlAOPA7FxuthhGfGWuOS1HXLdu4qeMtTY7XftAWP6mdwQfOejCBL1:g7Uf8ZOIxUwE13ZKUXfC86mdw4OI+1

Score
10/10
netsupportexecutionpersistencerat

Malware Config

Targets

    • Target

      Update 124.0.6367.158.js

    • Size

      3.5MB

    • MD5

      11f2b271d98b6d8e2ad624af3c87a5a9

    • SHA1

      5540bb84e6a9af516c01ad25eb5e1d9dd42a0e3c

    • SHA256

      bea62cbac1011a303dae7d43eec61e9b31d80ea4c92cd0fa1d18a9a04e6a2541

    • SHA512

      d984b0102b64bf3b027d9de54e56c9ee8f0ff87a373b97fd8546d9885f610b98e2a889efa1d994b2f0775d56e12a0912e83a16fd258c2680e8cf27c8a12231e4

    • SSDEEP

      49152:paZYOjByI+BJ8V6tlBDBFvLBLtmpf+T2vPHr+Z3jb4WsjcqTbsPF5xhyMa81qIdi:Q

    Score
    10/10
    netsupportexecutionpersistencerat

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

      ratnetsupport

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks