Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
TLauncher.v10.zip
-
Size
8.1MB
-
Sample
240715-3vs74svglp
-
MD5
2f911e2a572c33286078a307efc3d3e9
-
SHA1
dc1ce9a1d88f632e7b3ad61b9886f46f5093b1a4
-
SHA256
520e4770c61bb12e9de15fb225fe7deecbc3aefa9569c80abbf2f0d16fad8759
-
SHA512
36395086aa7b7d6af28d35e7c42c275f7317c7a2acf9929f17c7c63a5fa958802c1fd0a44e0daee34d01d93efde112ddb4f076f9031ba52403c66cfa54bbc1e2
-
SSDEEP
196608:GrXi/AfDMkFJnZ2shtKW2U4/24Um+3m6OF6gDgnMsuqMucs:GrJ4IJDhYZz2P3mDYgDO3MuZ
Malware Config
Targets
-
-
Target
TLauncher.v10/TLauncher.jar
-
Size
9.0MB
-
MD5
5be11d621793d1f85ec02fe405a1cf6d
-
SHA1
d2f44d8621415f82709dac1001e553461cf2aad4
-
SHA256
a818894a2b092c658fabe4a5f929b5a1f1906c7522feee8b796cad706123297c
-
SHA512
8bf0cd76841adfd5530ad0e3162ee96b7625e48fa22cf99d1f79561f2358086213fd2804913265d0bfa016c9fb6b6a8be29b22d68917146c051d78ee30a14531
-
SSDEEP
196608:MdBllqyzk7bF+XfB+nhuIR4JHXWjh+hB+X:MdBlA7bEXBHbi
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks system information in the registry
System information is often read in order to detect sandboxing environments.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
2Change Default File Association
1Component Object Model Hijacking
1