
General

  • Target

    2bde8a0357a3e9c2202962b1c941198d8389709b1e34abf10b11bdd70fe70060

  • Size

    2.6MB

  • Sample

    240811-1phs3sthng

  • MD5

    9ccb508018835587a848ddaabae897d1

  • SHA1

    2d87df0d1599d652e3478bcff975109517bf29c7

  • SHA256

    2bde8a0357a3e9c2202962b1c941198d8389709b1e34abf10b11bdd70fe70060

  • SHA512

    3dd58ce8f7eb8b95dcb322b9d4059176dbd77617f56a00bb40608900805f03d5adea506727501f9f0862ea54004aac67905d18103514efd29f583559f89814be

  • SSDEEP

    12288:HSprXDGV/9Ji6mqUuGybDagMKaA8SFaL4OcDb70:FleZ8bahA8KVb70

Malware Config

Targets

    • UAC bypass

    • Windows security bypass

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Windows security modification

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks