General

  • Target

    Shipping documentsInvoice and Packing List, Certificate of Origin.exe

  • Size

    796KB

  • Sample

    240803-h2mzfs1cnh

  • MD5

    64aeff6b5ea5d45e1eb5494e683847b0

  • SHA1

    0a2df2a4827003e76c49017870f460cc602189c4

  • SHA256

    023034cca9da6237539371b5b9ed642a7e27586f5908ee9cd400649665c22a40

  • SHA512

    a10b16b1dabb73df2c86c3ed635ac5aa32e40b5d289191552e6bc2e27690c6dd442f766eb11cc28808eae2524b663221acccf98ad86385841ceb756156d48b45

  • SSDEEP

    24576:5CHtJNcJA+MsMDOJMe6AANIl4z3pQtiGs0q:UN9+M7e6AAClJ1s

Score
8/10

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks