General

  • Target

    9c581c4cec9f25a55ee985d08ad3ba40a268aff6ea05aebff399c31f86b98065.exe

  • Size

    3.3MB

  • Sample

    240614-b3z7vazgmg

  • MD5

    1869978103ed372145fbf14975f8c56e

  • SHA1

    a15f53cb65e2ecfd3c5112711cceb30b9ab88257

  • SHA256

    9c581c4cec9f25a55ee985d08ad3ba40a268aff6ea05aebff399c31f86b98065

  • SHA512

    b306f831e52bc468ee862afc5909dd6e98f3fab2dca12cb2536f2f4dcdfd919bdf6290dee8dc9c5bffc5a52d808834a5489cb3f403af053bb805d66ce6ecd6a6

  • SSDEEP

    24576:0Ln4nHjmrtOSkcMfMFQtpHv85qvdE/ta/7SyI:0LnUHjmb0EFQtpHE5qvdE/ADSb

Malware Config

Targets

    • UAC bypass

    • Windows security bypass

    • Detects executables packed with or using KoiVM

    • Adds policy Run key to start application

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks