General

  • Target

    be51277bfbb18cab9db055dbcae2769eb03cb09f6fa5ef997d6b76a6b04ac770

  • Size

    2.0MB

  • Sample

    240825-fmgssawblf

  • MD5

    a7d254f0ea875ee6d966c1e80348adfe

  • SHA1

    7c4a68138369fe853724c7ec92216fddbf816d53

  • SHA256

    be51277bfbb18cab9db055dbcae2769eb03cb09f6fa5ef997d6b76a6b04ac770

  • SHA512

    8aff0d5df4dd6be85602898fca234499ee172e4b2f00d4265df92f0cdcb3e38e1785ec9be8717d195d6ddf218abc8b922e9b7e1640ad754ab7b2ebab2167ae84

  • SSDEEP

    49152:MsThC6TYNwUXz+JR2wjx8+X5gZ+th1aaucQPfM7cSCGDt7WWcrRhajx3l7bQonWD:MsThC6TYNwUXz+JR2wjx8+JgZ+th1aaG

Targets

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
