Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2a7c7e04a56153889550910aa2213bc54bd557dff8156d816dc0f9afc28c89a5.exe
-
Size
993KB
-
Sample
240723-b18ffa1ann
-
MD5
ef60acf75c0376b0b966fa79c0eb3b7b
-
SHA1
f34dadc470f90762605ace8d79639dcb7cfb6457
-
SHA256
2a7c7e04a56153889550910aa2213bc54bd557dff8156d816dc0f9afc28c89a5
-
SHA512
2055775b4177bd838e5a64ffe9b9acc13e9948df8cf0d7698edcce030ea351cb74e0901826e20868fd78aa2ee4f463658d6320cd0e8e35b09a35f66ca82c8241
-
SSDEEP
24576:WMzyQW5NWooWo7lnCV01bmqFOmu4tVoLtGJL7BpWT:MZN9oWoRnCq1K0OmvVrL7iT
Static task
static1
Behavioral task
behavioral1
Sample
2a7c7e04a56153889550910aa2213bc54bd557dff8156d816dc0f9afc28c89a5.exe
Resource
win7-20240704-en
Malware Config
Extracted
lumma
https://liernessfornicsa.shop/api
https://unseaffarignsk.shop/api
https://shepherdlyopzc.shop/api
https://upknittsoappz.shop/api
https://outpointsozp.shop/api
https://callosallsaospz.shop/api
https://lariatedzugspd.shop/api
https://indexterityszcoxp.shop/api
Targets
-
-
Target
2a7c7e04a56153889550910aa2213bc54bd557dff8156d816dc0f9afc28c89a5.exe
-
Size
993KB
-
MD5
ef60acf75c0376b0b966fa79c0eb3b7b
-
SHA1
f34dadc470f90762605ace8d79639dcb7cfb6457
-
SHA256
2a7c7e04a56153889550910aa2213bc54bd557dff8156d816dc0f9afc28c89a5
-
SHA512
2055775b4177bd838e5a64ffe9b9acc13e9948df8cf0d7698edcce030ea351cb74e0901826e20868fd78aa2ee4f463658d6320cd0e8e35b09a35f66ca82c8241
-
SSDEEP
24576:WMzyQW5NWooWo7lnCV01bmqFOmu4tVoLtGJL7BpWT:MZN9oWoRnCq1K0OmvVrL7iT
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-