General

  • Target

    b64168671d7aa362fe08a7485610b3a0N.exe

  • Size

    1.8MB

  • Sample

    240816-3z2p2syckm

  • MD5

    b64168671d7aa362fe08a7485610b3a0

  • SHA1

    0d984fe9e7910452b24819480b62c6846f2c3f2d

  • SHA256

    348bf2be7fc0f19a0bdb1bd029e2ede41bc39fe8ec78a6fecb59c8738663fb94

  • SHA512

    547a36612245ed0fa2c19a4b276e571aa6998ee85ec3ec39e6eba6948d8c29866da48ffd5599d5fa877724a363947ac346e9dd7935c0d4bdcb79b803a8f1969a

  • SSDEEP

    49152:RNMqQ0kwonLVkZep9nWrPWwONrRoODiGgDWAg2CPaSAnYvJW3BTSXff6YNQVWIPX:RiqQ0kwonLVkZep9nWrPWwONrRoODiGg

Targets

    • Target

      b64168671d7aa362fe08a7485610b3a0N.exe

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
