General
- Target: 9f07c02b13a50bb84630841a7a9876c9ced2ab66d406c54f4673c88e7cd70bb4.lnk
- Size: 30KB
- Sample: 240609-lrvs4ahf55
- MD5: 3deb98c1970c8ed0d95086d79e579231
- SHA1: bc8b9ae3e0e278c69d100d30333dc380fc7fe57a
- SHA256: 9f07c02b13a50bb84630841a7a9876c9ced2ab66d406c54f4673c88e7cd70bb4
- SHA512: e25073a88ac942f2aee7f57de6bd51b3b0dbf9caa0c5b569f603315cae5de2ce9308fa974f44b8a24b5cc661f8f152cdfc5ee985f7e388319d2ec4059cc28630
- SSDEEP: 24:8l/BHYVKVWuMs4ds+/CWLC7SfW8g/kwCYmaHKPeFI:815aTDds7S7gzTmE
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 9f07c02b13a50bb84630841a7a9876c9ced2ab66d406c54f4673c88e7cd70bb4.lnk
  - Resource: win7-20240508-en
Behavioral task
- behavioral2
  - Sample: 9f07c02b13a50bb84630841a7a9876c9ced2ab66d406c54f4673c88e7cd70bb4.lnk
  - Resource: win10v2004-20240426-en
Malware Config
- Extracted URL: http://198.23.201.89/warm/wow123.hta
Targets
- Target: 9f07c02b13a50bb84630841a7a9876c9ced2ab66d406c54f4673c88e7cd70bb4.lnk (30KB; same hashes as listed under General)
Score: 10/10
Signatures
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext