General
- Target: download.jpg
- Size: 6KB
- Sample: 240625-tle5fszdkg
- MD5: 575f99dd2f4455ab67eac43906bcc963
- SHA1: 2a68146dde2898208eb74bfb50c90a2b5994c921
- SHA256: 950a0e8ce3cc72fa0c9974a0fd6759b5b9efd1a7e33d37f5b6ec8b8fa1b27eb3
- SHA512: 7d782e2223b85a3e9ff2df3b8d00583f90b8e139ef9fc0e36c60b6fd790c36590ebb53e2f8c04849977036f70f2e03bb723f4a97d83246e7a40b103e6a0dbd8e
- SSDEEP: 96:pnqZvyduuJ9ztAlzYi1fra0bRXSkGjmOTax0eucql3TwSn+STAoxRAmbuqwTrP9g:pqZruJ9eZbQj342L+APrvKqw6OJtHYFX
Static task: static1
Behavioral task behavioral1: download.jpg on resource win10v2004-20240508-en
Behavioral task behavioral2: download.jpg on resource win7-20240221-en
Behavioral task behavioral3: download.jpg on resource android-x86-arm-20240624-en
Behavioral task behavioral4: download.jpg on resource android-x64-20240624-en
Behavioral task behavioral5: download.jpg on resource macos-20240611-en
Malware Config
Targets
- Target: download.jpg (6KB; same MD5, SHA1, SHA256, SHA512 and SSDEEP values as listed under General)
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Event Triggered Execution: Component Object Model Hijacking: adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)
- Checks system information in the registry: system information is often read in order to detect sandboxing environments.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger