
General

  • Target: 9f07c02b13a50bb84630841a7a9876c9ced2ab66d406c54f4673c88e7cd70bb4.lnk
  • Size: 30KB
  • Sample: 240609-lrvs4ahf55
  • MD5: 3deb98c1970c8ed0d95086d79e579231
  • SHA1: bc8b9ae3e0e278c69d100d30333dc380fc7fe57a
  • SHA256: 9f07c02b13a50bb84630841a7a9876c9ced2ab66d406c54f4673c88e7cd70bb4
  • SHA512: e25073a88ac942f2aee7f57de6bd51b3b0dbf9caa0c5b569f603315cae5de2ce9308fa974f44b8a24b5cc661f8f152cdfc5ee985f7e388319d2ec4059cc28630
  • SSDEEP: 24:8l/BHYVKVWuMs4ds+/CWLC7SfW8g/kwCYmaHKPeFI:815aTDds7S7gzTmE

Score: 10/10

Malware Config

Extracted

  • Language: hta
  • Source: URLs
  • Family: hta.dropper
  • URL: http://198.23.201.89/warm/wow123.hta

Targets

  • Target: 9f07c02b13a50bb84630841a7a9876c9ced2ab66d406c54f4673c88e7cd70bb4.lnk (hashes and size as listed under General)
  • Score: 10/10

  Signatures:

    • Blocklisted process makes network request
    • Downloads MZ/PE file
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Executes dropped EXE
    • Command and Scripting Interpreter: PowerShell
      Starts PowerShell.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
