Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    Document 240000807.exe

  • Size

    1009KB

  • Sample

    240807-bl765azepf

  • MD5

    2fc319277fc5b4a422ee4061a9efb654

  • SHA1

    21d125d5fea94d4a12327777fe209f50588fc82f

  • SHA256

    94234a613eee42af83965884973b29b57e30ef77106535fd6b3b1efb9d7f2ae3

  • SHA512

    76a5e5db7b6b1a8556f89caa0a76511ff0f6d2d3acd62e7ae2105b6a3b479e6145b800b49ac93844a8582eb2c67337368a08887a0899da7bb83a80ad514fd6d9

  • SSDEEP

    24576:4tVbi/AS9oZaFzl37Btwo6sdKKFcLIF/gsuQ8u4k5TWkC6j:CViAS9oZCBt3dKKSy49WlWk7

Score
8/10

Malware Config

Targets

    • Target

      Document 240000807.exe

    • Size

      1009KB

    • MD5

      2fc319277fc5b4a422ee4061a9efb654

    • SHA1

      21d125d5fea94d4a12327777fe209f50588fc82f

    • SHA256

      94234a613eee42af83965884973b29b57e30ef77106535fd6b3b1efb9d7f2ae3

    • SHA512

      76a5e5db7b6b1a8556f89caa0a76511ff0f6d2d3acd62e7ae2105b6a3b479e6145b800b49ac93844a8582eb2c67337368a08887a0899da7bb83a80ad514fd6d9

    • SSDEEP

      24576:4tVbi/AS9oZaFzl37Btwo6sdKKFcLIF/gsuQ8u4k5TWkC6j:CViAS9oZCBt3dKKSy49WlWk7

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks