General

  • Target

    expediente_89a9a5c640d44fb49de77b5d05db8461.html

  • Size

    734B

  • Sample

    240813-3p4rnaweqm

  • MD5

    acd5771beb9d911383ca2664edccdc0a

  • SHA1

    b084f03122dec9ed2c1773404bf64335b4f1a942

  • SHA256

    a5a8fef1e7cdeff06204ee5b332fb2e62831614207b86d45973531fadb8d7ccb

  • SHA512

    76444f1f343a28289e253e536604b7127120ab68a537b367bb2f69768c9e24be3bf2d4f0bf018631381587a3b9c18adb06c04f98492c196cb064ae82e560139f

Score
8/10

Malware Config

Targets

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks