Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
rename_me.exe
-
Size
37.6MB
-
Sample
240626-qhpb6syfqk
-
MD5
386044ac78761195dc1cb9ed918bfd09
-
SHA1
aac832e2908b24d90af2931d5d98878bf046c2b0
-
SHA256
d2aa93a274505ba40616e3fe4b2753c5f80bac609dd3c3a8410850dd214258f0
-
SHA512
465e0e8444a68e6769a44d2c9866148739b23faec030975385b286f66d689d4e6630acef9bf4788a398dc18ef24d36955c676f001cba2aaeedd891ec95aa340f
-
SSDEEP
393216:RQgHDlanaGBXvDKtz+bhPWES4tiNQPNrIKc4gaPbUAgrO4mgX96l+ZArYsFRlCq1:R3on1HvSzxAMNXFZArYs9/3WL4TYdTO
Static task
static1
Behavioral task
behavioral1
Sample
rename_me.exe
Resource
win10v2004-20240508-en
Malware Config
Targets
-
-
Target
rename_me.exe
-
Size
37.6MB
-
MD5
386044ac78761195dc1cb9ed918bfd09
-
SHA1
aac832e2908b24d90af2931d5d98878bf046c2b0
-
SHA256
d2aa93a274505ba40616e3fe4b2753c5f80bac609dd3c3a8410850dd214258f0
-
SHA512
465e0e8444a68e6769a44d2c9866148739b23faec030975385b286f66d689d4e6630acef9bf4788a398dc18ef24d36955c676f001cba2aaeedd891ec95aa340f
-
SSDEEP
393216:RQgHDlanaGBXvDKtz+bhPWES4tiNQPNrIKc4gaPbUAgrO4mgX96l+ZArYsFRlCq1:R3on1HvSzxAMNXFZArYs9/3WL4TYdTO
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Hide Artifacts: Hidden Window
Windows that would typically be displayed when an application carries out an operation can be hidden.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1