Resubmissions
14/06/2024, 02:07
240614-ckfads1fng 8
General
-
Target
502eb20c38aeb460db5590ebb2de4b87efcc585be54662e40631e4da55d750b9
-
Size
4.7MB
-
Sample
240614-ckfads1fng
-
MD5
ff0e34e6de60f85ced4c5b0c03439827
-
SHA1
a92625e7ef73e246b881cec734f93419d27339e2
-
SHA256
502eb20c38aeb460db5590ebb2de4b87efcc585be54662e40631e4da55d750b9
-
SHA512
febe06223e8b666a4fe9e9824a8362396bb208cb1e674fbad4c3e240a56e5901e7025c34a45f0ab07c690d4e0f644044b17f0933d591d33d4e9c8dfb4579c647
-
SSDEEP
98304:UCAv36FrjVzR9ymXUsRQrQZNSg7p4l+UWs4Xp7sKO+urmddl0T:hAvKd4mXoQZNS2Q1ep7Q+FK
Static task
static1
Behavioral task
behavioral1
Sample
502eb20c38aeb460db5590ebb2de4b87efcc585be54662e40631e4da55d750b9.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
502eb20c38aeb460db5590ebb2de4b87efcc585be54662e40631e4da55d750b9.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
502eb20c38aeb460db5590ebb2de4b87efcc585be54662e40631e4da55d750b9
Score 8/10
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-