General
Target: 29.exe
Size: 319KB
Sample: 240719-p3zg7ssark
MD5: e8e59836a0fe2dfebcbde148711b5d56
SHA1: cd8fbf0dcdd429c06c80b124caf574334504e99a
SHA256: 2960a2d4d2fd6b7b85b8e3ea4c86ec0c13b93bfd3754a7e772a2c74f564b0009
SHA512: 0d0673c64f9e9e1c75e10ce6d02c4b5530831d1659ada88acf951e2bcbd56c38f0c59674b3eb7837fd882b23499eb350f2925fd67d3fdf51992d9a4312a02309
SSDEEP: 6144:CZABbWqsE/Ao+mv8Qv0LVmwq4FU0fNoy6BJXCcOS8W78U2kGHF4143nip:kANwRo+mv8QD4+0V167XDOSDN2JF41me
Static task: static1

Behavioral task: behavioral1
Sample: 29.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: 29.exe
Resource: win10v2004-20240709-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.mail.ru
Port: 587
Username: [email protected]
Password: 9b0P96R6nBreNQrU3Cte
Targets
Target: 29.exe
Score: 10/10

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Hide Artifacts: Hidden Window
Windows that would typically be displayed when an application carries out an operation can be hidden.