General

  • Target

    TLauncher.v10.zip

  • Size

    8.1MB

  • Sample

    240715-3vs74svglp

  • MD5

    2f911e2a572c33286078a307efc3d3e9

  • SHA1

    dc1ce9a1d88f632e7b3ad61b9886f46f5093b1a4

  • SHA256

    520e4770c61bb12e9de15fb225fe7deecbc3aefa9569c80abbf2f0d16fad8759

  • SHA512

    36395086aa7b7d6af28d35e7c42c275f7317c7a2acf9929f17c7c63a5fa958802c1fd0a44e0daee34d01d93efde112ddb4f076f9031ba52403c66cfa54bbc1e2

  • SSDEEP

    196608:GrXi/AfDMkFJnZ2shtKW2U4/24Um+3m6OF6gDgnMsuqMucs:GrJ4IJDhYZz2P3mDYgDO3MuZ

Malware Config

Targets

    • Target

      TLauncher.v10/TLauncher.jar

    • Size

      9.0MB

    • MD5

      5be11d621793d1f85ec02fe405a1cf6d

    • SHA1

      d2f44d8621415f82709dac1001e553461cf2aad4

    • SHA256

      a818894a2b092c658fabe4a5f929b5a1f1906c7522feee8b796cad706123297c

    • SHA512

      8bf0cd76841adfd5530ad0e3162ee96b7625e48fa22cf99d1f79561f2358086213fd2804913265d0bfa016c9fb6b6a8be29b22d68917146c051d78ee30a14531

    • SSDEEP

      196608:MdBllqyzk7bF+XfB+nhuIR4JHXWjh+hB+X:MdBlA7bEXBHbi

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.
