Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    fc6a3bcff7342c84897e51eea16cf2c9bc2db3f1_full.jpg

  • Size

    16KB

  • Sample

    240609-11ntgagb96

  • MD5

    62998e35cf8c9b271f4daf8ac0ddfb1e

  • SHA1

    db740b683ed625a346268876f89e72e9a24d5fdf

  • SHA256

    a6b3c831e2ec1107992848070d0b8100f3bab8ba576b7f7629ebbae951867fd5

  • SHA512

    24b873447134fdd08041842f36a73774fa6a6c8a640358dc9788af9ef56e0a3d1690dbf3c3c13210e26c5c3ac57aae2b8c10dd50df9fe3fe62b2e3d9c6404dd1

  • SSDEEP

    384:FvkvGM8sMtmp9vwlB+53iNO6CG51qXHKn7wdrkv:WXJMtmp9Ilu3iM6FKqn7skv

Malware Config

Targets

    • Target

      fc6a3bcff7342c84897e51eea16cf2c9bc2db3f1_full.jpg

    • Size

      16KB

    • MD5

      62998e35cf8c9b271f4daf8ac0ddfb1e

    • SHA1

      db740b683ed625a346268876f89e72e9a24d5fdf

    • SHA256

      a6b3c831e2ec1107992848070d0b8100f3bab8ba576b7f7629ebbae951867fd5

    • SHA512

      24b873447134fdd08041842f36a73774fa6a6c8a640358dc9788af9ef56e0a3d1690dbf3c3c13210e26c5c3ac57aae2b8c10dd50df9fe3fe62b2e3d9c6404dd1

    • SSDEEP

      384:FvkvGM8sMtmp9vwlB+53iNO6CG51qXHKn7wdrkv:WXJMtmp9Ilu3iM6FKqn7skv

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks