General
-
Target
fc6a3bcff7342c84897e51eea16cf2c9bc2db3f1_full.jpg
-
Size
16KB
-
Sample
240609-11ntgagb96
-
MD5
62998e35cf8c9b271f4daf8ac0ddfb1e
-
SHA1
db740b683ed625a346268876f89e72e9a24d5fdf
-
SHA256
a6b3c831e2ec1107992848070d0b8100f3bab8ba576b7f7629ebbae951867fd5
-
SHA512
24b873447134fdd08041842f36a73774fa6a6c8a640358dc9788af9ef56e0a3d1690dbf3c3c13210e26c5c3ac57aae2b8c10dd50df9fe3fe62b2e3d9c6404dd1
-
SSDEEP
384:FvkvGM8sMtmp9vwlB+53iNO6CG51qXHKn7wdrkv:WXJMtmp9Ilu3iM6FKqn7skv
Static task
static1
Behavioral task
behavioral1
Sample
fc6a3bcff7342c84897e51eea16cf2c9bc2db3f1_full.jpg
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
fc6a3bcff7342c84897e51eea16cf2c9bc2db3f1_full.jpg
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
fc6a3bcff7342c84897e51eea16cf2c9bc2db3f1_full.jpg
Resource
win11-20240508-en
Malware Config
Targets
-
-
Target
fc6a3bcff7342c84897e51eea16cf2c9bc2db3f1_full.jpg
Score
8/10
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-