General

  • Target

    22072024_1348_22072024_NFQ24-0420(R1).rar

  • Size

    390KB

  • Sample

    240722-q4bm7szgjc

  • MD5

    9917966a44a80362e750dce0c2420b77

  • SHA1

    5831d16d667e30415af2f2858001d0fd5df21697

  • SHA256

    43b7d82d9bbe8f34667a55599d0bda9122d06dfa39472863541a40f6e07e2227

  • SHA512

    2876bf9b8d2e2d61a7eb1c37e6676c1b477b9a3e8283e00b83bc4982eec36b48e5af00cd8bdbc8176ab3737d86a78f4c4426b5407cd9c4ecd5fe9c9711289e0b

  • SSDEEP

    6144:X1t0dQCj7FA/GgqqXY8LMTtdo2LU5iSDUY/bWrX3QvSsOnp:lt0K++aqXR2QNDUlrXL/np

Score
8/10

Targets

    • Target

      NFQ24-0420(R1).exe

    • Size

      422KB

    • MD5

      72f5d261c15af3b18c99b7121956e358

    • SHA1

      a3c152f7be3f808afec47c1b7a904e41fd399be0

    • SHA256

      5c48fc65228bbeca2ecfebfbe9cb28e5edec4c54c4f0d4adb982d7773752bd78

    • SHA512

      d126abc88ad7ba131de9b86b07dec2b5d516fe439705e23c725dc40add0d9d4399f8cc826795ee0fa1d702174100ab783fa6c462e13b5bc7ee68fa14e89fed51

    • SSDEEP

      12288:R0gxaoHhKpbm9nGm+6kwLyzPlFjwaFEs5KidrpHN8G:raeIsR2FjXxK8rb8G

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      cafeteaterets.dot

    • Size

      6KB

    • MD5

      713e92c6b3c5b8faf325e98283d3e487

    • SHA1

      a8d31c97c5bc47c53ef7ef3379ed2886d3919b6b

    • SHA256

      17e8442b7fa4c2a092db9ec5052d79c16fa35c529f467a5f85ec27bd2f407483

    • SHA512

      579518a3a6d2be76fc939790900d4431ba5897d6d0bd7bea9626620632af168b46ab397963166675e8c95f6ed86e0c2511010fb091f49783482d5202ccf37d23

    • SSDEEP

      96:WJCmj6ruITI+KzqMAsdnIKVai8sUucnqQh3wZOc71xoign4lU557I:ECmjOXXKYCnIEaPeiAZBoPA

    Score
    1/10
