General

  • Target

    ta4073.exe

  • Size

    25.8MB

  • Sample

    240624-algthatcqj

  • MD5

    15ecc8ba9811b8e5bd9d868b213a2182

  • SHA1

    b221004e3ac301e686a02f9c7667cf2c85276c65

  • SHA256

    87bc71b36b242a954f6dac19f466de0944becce465b37825552c1ba9703a19a8

  • SHA512

    88d1518444f53b1a555ab52b97821ac594a2b6f3c78acb8c04798e26d1c5b3eb84af86e5707f45cfc61bf147de05a7e9eab9bc7e406c79290bb4692174012fd5

  • SSDEEP

    786432:xkCG+BZo4femcZvQEqe1aecl5OzvUme1g6fJ3t:xk+BZo4fexQyvcl5OzAfh9

Targets

    • Target

      ta4073.exe

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
