Resubmissions

14/06/2024, 02:07

240614-ckfads1fng 8

General

  • Target: 502eb20c38aeb460db5590ebb2de4b87efcc585be54662e40631e4da55d750b9
  • Size: 4.7MB
  • Sample: 240614-ckfads1fng
  • MD5: ff0e34e6de60f85ced4c5b0c03439827
  • SHA1: a92625e7ef73e246b881cec734f93419d27339e2
  • SHA256: 502eb20c38aeb460db5590ebb2de4b87efcc585be54662e40631e4da55d750b9
  • SHA512: febe06223e8b666a4fe9e9824a8362396bb208cb1e674fbad4c3e240a56e5901e7025c34a45f0ab07c690d4e0f644044b17f0933d591d33d4e9c8dfb4579c647
  • SSDEEP: 98304:UCAv36FrjVzR9ymXUsRQrQZNSg7p4l+UWs4Xp7sKO+urmddl0T:hAvKd4mXoQZNS2Q1ep7Q+FK

Score: 8/10

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks