General
Target: ba10a14a41d9dae362c3f4c2ed4680e5b46d49d2ee6f5f28872c9682096fb744.exe
Size: 45.0MB
Sample: 240721-lf3pkazcmj
MD5: 1ca12585c0bd9f0270c59e7a5a4b43b3
SHA1: b5b805e0e19296e1702e0e6a42f6a8c45ea4f15d
SHA256: ba10a14a41d9dae362c3f4c2ed4680e5b46d49d2ee6f5f28872c9682096fb744
SHA512: c6a1878aff22bcd0c79ece9e44fe2ddfc9a028012342ae85099309c31ed60c776e0a1465e2d26cc5ecb5848d6692a441f228e7746910e122716e0aad25eacc8e
SSDEEP: 24576:y+0uFsw+b4dkKEj9ZUZbpKLDnMV1+/ez6Db0zh45:Au+w+b4dkL96Z8M+/e2czh45
Static task: static1
Behavioral task: behavioral1
Sample: ba10a14a41d9dae362c3f4c2ed4680e5b46d49d2ee6f5f28872c9682096fb744.exe
Resource: win7-20240705-en
Malware Config
Extracted (lumma): https://reinforcedirectorywd.shop/api
Targets
Target: ba10a14a41d9dae362c3f4c2ed4680e5b46d49d2ee6f5f28872c9682096fb744.exe (45.0MB; same MD5/SHA1/SHA256/SHA512/SSDEEP as listed under General)
Signatures:
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext