Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    f6f44d2f2611e1cad033394146808250N.exe

  • Size

    163KB

  • Sample

    240825-jhc6ksshkg

  • MD5

    f6f44d2f2611e1cad033394146808250

  • SHA1

    1dff810cee8116696019f954b28b90cdb2b95dde

  • SHA256

    2c5521cb43cbc111995c9175a8da0df092bca37d8bf830544e42d98dbabf95a8

  • SHA512

    e7130ce13a32e3c59b4fb959606109a5abc3d8ee4940d97cde7970a8424d8e47f0a0efd3c205bda39899a8cf406f6a89582cfd1dac5fea818f8638fd47ec30da

  • SSDEEP

    1536:kVdmQr3Z5IfQmv81aypP1s3yX+tlehTzk:008JOfQm01F9s3yX+fehTY

Malware Config

Targets

    • Target

      f6f44d2f2611e1cad033394146808250N.exe

    • Size

      163KB

    • MD5

      f6f44d2f2611e1cad033394146808250

    • SHA1

      1dff810cee8116696019f954b28b90cdb2b95dde

    • SHA256

      2c5521cb43cbc111995c9175a8da0df092bca37d8bf830544e42d98dbabf95a8

    • SHA512

      e7130ce13a32e3c59b4fb959606109a5abc3d8ee4940d97cde7970a8424d8e47f0a0efd3c205bda39899a8cf406f6a89582cfd1dac5fea818f8638fd47ec30da

    • SSDEEP

      1536:kVdmQr3Z5IfQmv81aypP1s3yX+tlehTzk:008JOfQm01F9s3yX+fehTY

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

MITRE ATT&CK Enterprise v15

Tasks