General

  • Target

    20082024090918082024MSCU5149009.7Z

  • Size

    723KB

  • Sample

    240820-m1v1ws1hql

  • MD5

    db75a0af04e4cf6f1bd70f72e34ab169

  • SHA1

    d26f1a63469ac2757913c50cb0967294547c5a5a

  • SHA256

    4cf6420a44a75abd889dbccbbce49eab540bcd2ee7c8a75346ee6c910a98c6d2

  • SHA512

    69d6142a46c55374448654ddb4f21f41a096ef068f73568be7aa7e48ffd4bbf7b7723ab3af47aad8cc7f63d755a5cc9a865f7b55391575723f4594bab1d90062

  • SSDEEP

    12288:ttNrhcWBH8dAse2Z5YNevvfdsUm/ArNF4wSXmRqqUMXB2ZMdbq5HSt/OSt:phmdAsHOsHFOIrNKXXybXB2ZONt/Oi

Score
8/10

Malware Config

Targets

    • Target

      MSCU5149009.exe

    • Size

      772KB

    • MD5

      aab0120a6b51c6ed13d3898a39873fad

    • SHA1

      6170878e2a3c856a0eaa18c7e5794d09f447bfb5

    • SHA256

      5c07ec6bee1771f53b2c52e01e8b2531c8991a71f927596cfccab590b7baffc0

    • SHA512

      95af02a56cc7c5e2b082b7939ac4430857c26bafc92a84e07ad88a8ba964212b8aa3b3dfa007b49fcd12a0c33052245d4192fa9bd693f9a2985fb31d8621c893

    • SSDEEP

      12288:kS8Vuk89Q7upy9iiRZYbfqa2uVpElpTcTkfq+OoRFPvz8q+zs0R6:0AD9UZYrqa5Gs2FXz8ho

    Score
    8/10

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15