General
Target: Shipping documentsInvoice and Packing List, Certificate of Origin.exe
Size: 796KB
Sample: 240803-h2mzfs1cnh
MD5: 64aeff6b5ea5d45e1eb5494e683847b0
SHA1: 0a2df2a4827003e76c49017870f460cc602189c4
SHA256: 023034cca9da6237539371b5b9ed642a7e27586f5908ee9cd400649665c22a40
SHA512: a10b16b1dabb73df2c86c3ed635ac5aa32e40b5d289191552e6bc2e27690c6dd442f766eb11cc28808eae2524b663221acccf98ad86385841ceb756156d48b45
SSDEEP: 24576:5CHtJNcJA+MsMDOJMe6AANIl4z3pQtiGs0q:UN9+M7e6AAClJ1s
Static task: static1
Behavioral task: behavioral1
Sample: Shipping documentsInvoice and Packing List, Certificate of Origin.exe
Resource: win7-20240729-en
Malware Config
Targets
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Suspicious use of SetThreadContext