General

  • Target

    a00dac0b4a10fa685e690bf4495fd3c0N.exe

  • Size

    100KB

  • Sample

    240821-rxl12atepf

  • MD5

    a00dac0b4a10fa685e690bf4495fd3c0

  • SHA1

    fbe4f5d4608d28dac380b917fc1926666cafee0a

  • SHA256

    c9e372c31191a2bb1f1336362a096437fa536ffbfbb72e81e365821b89267793

  • SHA512

    af64e04c6a425a8306c03c9bfd2e9761d7df9915e828901fce408a1d728e1ffb5eeb220ec8b69033f9f086a3c9bbec85d12acfda60d3b0d6f1f6ca59463b0fe6

  • SSDEEP

    1536:i7jefyvmr27iTa2ztrIx67LTtiHNC6LarhbmJADrn6bGSkgkt/8rO2KJCiWsqfKv:K+qmTa2ztaITUHNC6LawADlp+i

Targets

    • Target

      a00dac0b4a10fa685e690bf4495fd3c0N.exe

    • Modifies visibility of hidden/system files in Explorer

      Changes the Explorer settings (Hidden, ShowSuperHidden) that control whether hidden and protected operating-system files are displayed.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext

      Setting the context of a thread in another process is the usual way injected code is made the thread's next instruction, as in process hollowing or thread hijacking.
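
Three of the signatures above leave artefacts that can be re-checked offline: the Explorer hidden/system-file change, the Run key, and the dropped autorun.inf. The Python below is an added example written for this page, not tooling from tria.ge and not code from the sample. The autorun.inf body and the registry snapshot it consumes are constructed stand-ins for what you would pull from the sandbox or a host; the registry paths and value semantics (Hidden=2 and ShowSuperHidden=0 hide files) are the standard Explorer settings, and the "user-writable path" rule for Run entries is a heuristic, not a tria.ge definition.

```python
"""Offline re-check of three behaviours listed in the report above: the
autorun.inf drop, the Explorer hidden/system-file settings, and the Run key.
Added example, not part of the tria.ge report. The autorun.inf body and the
registry snapshot below are constructed stand-ins for artefacts you would
pull from the sandbox or a host, not data taken from this sample."""
import re

# Explorer values behind the hidden/system-file signature:
#   Hidden:          1 = show hidden files, 2 = do not show them
#   ShowSuperHidden: 1 = show protected OS files, 0 = hide them
EXPLORER_ADVANCED = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
RUN_KEYS = (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
)
# autorun.inf directives that launch something when a volume is attached
LAUNCH_KEYS = ("open", "shellexecute")
EXEC_EXT = re.compile(r"\.(exe|com|scr|pif|bat|cmd|vbs|js)\b", re.I)
# Heuristic (assumption): locations a standard user can write to; a Run entry
# pointing here is the usual shape of "executes dropped EXE" + "adds Run key"
USER_WRITABLE = re.compile(r"\\(AppData|ProgramData|Temp)\\", re.I)


def parse_autorun(text):
    """Return {directive: value} for the [autorun] section, keys lower-cased.
    Hand-rolled instead of configparser because malicious autorun.inf files
    often carry junk sections and duplicate keys that a strict parser rejects.
    On duplicate keys the first occurrence is kept."""
    section, directives = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        header = re.match(r"^\[(.+)\]$", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        directives.setdefault(key.strip().lower(), value.strip())
    return directives


def check_autorun(text):
    """Flag launch directives (open=, shellexecute=, shell\\<verb>\\command=)
    that point at an executable. icon= and label= are ignored: they can name
    a .dll or .exe without running it."""
    findings = []
    for key, value in parse_autorun(text).items():
        launches = key in LAUNCH_KEYS or (
            key.startswith("shell\\") and key.endswith("\\command")
        )
        if launches and EXEC_EXT.search(value):
            findings.append(f"autorun.inf {key}= launches {value}")
    return findings


def check_registry(snapshot):
    """snapshot: {key_path: {value_name: data}}, e.g. flattened from a reg export."""
    findings = []
    advanced = snapshot.get(EXPLORER_ADVANCED, {})
    if advanced.get("Hidden") == 2:
        findings.append("Explorer\\Advanced Hidden=2 (hidden files not shown)")
    if advanced.get("ShowSuperHidden") == 0:
        findings.append("Explorer\\Advanced ShowSuperHidden=0 (protected OS files not shown)")
    for key in RUN_KEYS:
        for name, command in snapshot.get(key, {}).items():
            if USER_WRITABLE.search(command):
                findings.append(f"Run key {key}\\{name} -> {command}")
    return findings


def triage(autorun_text, snapshot):
    """Combine both checks into one list of human-readable findings."""
    return check_autorun(autorun_text) + check_registry(snapshot)


# Constructed inputs (not taken from the report)
SAMPLE_AUTORUN = r"""[AutoRun]
; padding comment of the kind seen in worm-dropped files
open=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\update.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
shell\open\Command=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\update.exe
useautoplay=1
"""

SAMPLE_REGISTRY = {
    EXPLORER_ADVANCED: {"Hidden": 2, "ShowSuperHidden": 0, "HideFileExt": 1},
    RUN_KEYS[0]: {
        "Updater": r"C:\Program Files\Vendor\Updater.exe",   # not flagged
        "svchost": r"C:\Users\lab\AppData\Roaming\svchost.exe",  # flagged
    },
}

if __name__ == "__main__":
    for finding in triage(SAMPLE_AUTORUN, SAMPLE_REGISTRY):
        print(finding)
```

A Run entry under AppData, ProgramData or Temp is a lead, not a verdict: legitimate per-user updaters also live in AppData, so pair a hit with the sandbox's dropped-file list before acting on it. The SetThreadContext and drive-mapping signatures are API-level and need the sandbox trace; a post-hoc artefact check like this one cannot see them.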
