General

  • Target

    PO#WH2E0520.exe

  • Size

    988KB

  • Sample

    240613-ll2pfstamf

  • MD5

    328c8f1b566488c8e7f8cd0951c173d4

  • SHA1

    2c45dce433d4dd782f0ed7c9a62494a1bdce13aa

  • SHA256

    d220538747164b56b83a6f324adae9b05a1d64a861ddb512c6139a12ca6c31a8

  • SHA512

    d0579cfd4fd61c611b8af986f8579e563f2abac814b260455e5d810076d609ff82bf8d7c7473ec3542e6035265308cb9bbf4fc7d9fb98b468bae74c12883367f

  • SSDEEP

    24576:V4ezTAAfvu922zkq9+qDlcv3sWhegcKyJc:V4WAAfD2zk47lG3sWhegcXO

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15