Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

cryptolaemus

windows10-2004-x64

8

cryptolaemus

windows11-21h2-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f96327b104b6487a604b7b099921eaed35c8bb445534c1a29cd280069653660b

  • Size

    2.5MB

  • Sample

    240713-zxyc3axcjj

  • MD5

    eb51e8cbb840ace72c5a42d3e0ce2765

  • SHA1

    965d2300cb9627f6605a269dae2f5bc2d7eeeada

  • SHA256

    f96327b104b6487a604b7b099921eaed35c8bb445534c1a29cd280069653660b

  • SHA512

    a578dcc069d55770d24c60aa3540680489ba44a0b4620a742a46fb9ad3085e316914750f15140170cb6fbdff35fec52b83d837d7f34ed9f2562f97214df7490d

  • SSDEEP

    49152:uA5JkHDjz4jI+7tjygzaQBrGpvEOB5fB8ra0bNSzee+h6bLeT1Rh77bRKwzWw:uA5Ojvd+7tpzaIML5cNnjT9R+w

Score
8/10
executionpersistence

Malware Config

Targets

    • Target

      f96327b104b6487a604b7b099921eaed35c8bb445534c1a29cd280069653660b

    • Size

      2.5MB

    • MD5

      eb51e8cbb840ace72c5a42d3e0ce2765

    • SHA1

      965d2300cb9627f6605a269dae2f5bc2d7eeeada

    • SHA256

      f96327b104b6487a604b7b099921eaed35c8bb445534c1a29cd280069653660b

    • SHA512

      a578dcc069d55770d24c60aa3540680489ba44a0b4620a742a46fb9ad3085e316914750f15140170cb6fbdff35fec52b83d837d7f34ed9f2562f97214df7490d

    • SSDEEP

      49152:uA5JkHDjz4jI+7tjygzaQBrGpvEOB5fB8ra0bNSzee+h6bLeT1Rh77bRKwzWw:uA5Ojvd+7tpzaIML5cNnjT9R+w

    Score
    8/10
    executionpersistence

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Power Settings

      powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks