General

  • Target

    SSMS-Setup-ENU.exe

  • Size

    485.3MB

  • Sample

    240627-tfjwfsyepf

  • MD5

    0f230d87d2c57bee16c9d33d75060d73

  • SHA1

    7d1a9b702adcbbc6a4a8331ef9a238e49be39480

  • SHA256

    a1fee4045eed25da9a4d6dcaa9188d15e88fecc8c175dda59a116d0cd9b511e9

  • SHA512

    1ae914ac95107c3a1ba829a1793835a3a715cefc42e7d7e5b6a07d08cf4c632ccdae6cba78bf90c3183195620eb1493ce8cbee7c6cda65636c2939ea26a6b0d1

  • SSDEEP

    12582912:K97VVz5GSxX9ME4ReEhlvpAiQ/VbKJB2k74hLPozHJFL+uBvP1jlW+TO8iy5hE:K97VVz5GSxX9MEuxAi8lKJB2kcVQzHHS

Targets

    • Target

      SSMS-Setup-ENU.exe

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
