General
-
Target
PuntoSwitcherSetup.exe
-
Size
4.7MB
-
Sample
240806-zer4bstcpg
-
MD5
4d117942431a29406cbd484bb348ed6e
-
SHA1
b2a481bb6e6887546651cfa392708d2d35f5660b
-
SHA256
a3928fd3924b4582dee1987170e3b5619e3473ed5241602bfe65040206d3a7c8
-
SHA512
38a2434f217b67e5fd82aa358ecc1a1c8fe37b5800816afe2a06ba35006dc1511f222917c12a26f8a9241ae5d707eeb7070c49955c61ade311713db901af3c74
-
SSDEEP
98304:dcbgZ7rbsV00usn1Jq/kkYQnxPDynur7vzw1RJhRqFmV:B1XsKVmIyur7v+V
Static task
static1
Malware Config
Targets
-
-
Target
PuntoSwitcherSetup.exe
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry (3)
Subvert Trust Controls (1)
Install Root Certificate (1)