Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0cb8daebba...98.exe

windows7-x64

7

0cb8daebba...98.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0cb8daebbab94e01cfc02f2a4612d1c9c35922f758e89ab02c50d576cf73b398

  • Size

    144KB

  • Sample

    240723-xfgymssflk

  • MD5

    3d51fa29f89f6ec782f0c6467068256f

  • SHA1

    976a83429aef53ad59b11b044a16e2c35df31229

  • SHA256

    0cb8daebbab94e01cfc02f2a4612d1c9c35922f758e89ab02c50d576cf73b398

  • SHA512

    7eef4edfa2c67c1ade9f6335a10860dc8c3a3c6626d0bdca108421d2c5efc549df669ce5eda0dd3a3d0df5ad73f0404ed032e82a1fe42c50313fe3da2fd6ac44

  • SSDEEP

    3072:l5SVkkgUgXC7AdYzrV+Dljy/32ubwZ/qJ:SUFCkdYzrVolu/J0Z/

Score
7/10
discoverypersistenceupx

Malware Config

Targets

    • Target

      0cb8daebbab94e01cfc02f2a4612d1c9c35922f758e89ab02c50d576cf73b398

    • Size

      144KB

    • MD5

      3d51fa29f89f6ec782f0c6467068256f

    • SHA1

      976a83429aef53ad59b11b044a16e2c35df31229

    • SHA256

      0cb8daebbab94e01cfc02f2a4612d1c9c35922f758e89ab02c50d576cf73b398

    • SHA512

      7eef4edfa2c67c1ade9f6335a10860dc8c3a3c6626d0bdca108421d2c5efc549df669ce5eda0dd3a3d0df5ad73f0404ed032e82a1fe42c50313fe3da2fd6ac44

    • SSDEEP

      3072:l5SVkkgUgXC7AdYzrV+Dljy/32ubwZ/qJ:SUFCkdYzrVolu/J0Z/

    Score
    7/10
    discoverypersistenceupx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks