General
- Target: 87944a5ef7ee2c0db8c81da51a2de900N.exe
- Size: 267KB
- Sample: 240815-ljmshswenh
- MD5: 87944a5ef7ee2c0db8c81da51a2de900
- SHA1: 860ec7241cb7897d20b25df5d5da1042a67ecc44
- SHA256: e57f5c12f0d16315a298851f3ae86ca19c0c56ea603ca3f7571415a88bc67b5d
- SHA512: 291ec1ffad87ddb35a9916b31c70ec0cf6260712ce28d33ac34ff73c1b7eb75aab2da55d37ac7c7cae00583b25d81f4a0764291f0692b7ca5b4ed06db3cd4c84
- SSDEEP: 3072:WdvzDqxs8ORikgogWfiuRXd3YmSffdTKXNXANewGBvskX1pWA/V:WFzDqa86hV6uRRqX1evPlwAt
Static task
- static1
Behavioral task
- behavioral1: Sample 87944a5ef7ee2c0db8c81da51a2de900N.exe, Resource win7-20240704-en
Behavioral task
- behavioral2: Sample 87944a5ef7ee2c0db8c81da51a2de900N.exe, Resource win10v2004-20240802-en
Malware Config
Extracted: asyncrat 0.4.9G
- corporation.warzonedns.com:9341
- 480-28105c055659
- delay: 0
- install: false
- install_folder: %AppData%
Targets
- Target: 87944a5ef7ee2c0db8c81da51a2de900N.exe (267KB; hashes identical to the General section above)
Score: 10/10
- Contains code to disable Windows Defender: a .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, blocking at first seen, etc.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext