General

  • Target

    opituvannya.hta

  • Size

    62KB

  • Sample

    240614-rb4nysxdnm

  • MD5

    c708f14c2f52a4dc08397830f236756c

  • SHA1

    4ac6a85dd75482792aaf1bd5926f0fadb3294076

  • SHA256

    82f62251ab3149595cbbb8650c9751965643deb0b94bf072378d2995b578d67e

  • SHA512

    46c4826e3f06ed0e40f41a9d1ea7f9c355141cf8574f5f7742b47694aa7b9815b1019a952f2be196ee365f89ae2c367c719c680509c74e281d903be63d046a6c

  • SSDEEP

    768:knAQQXYSMpqVHKkwIMU+B8sbo11HKZOzfUwM:eAQiYSMpmqk6pBW11HNMwM

Score
8/10

Targets

    • Target

      opituvannya.hta

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2
