General

  • Target

    PqHR.exe

  • Size

    703KB

  • Sample

    240828-ygdhaavark

  • MD5

    7f0bde5df6ebbdceeda83413fc738320

  • SHA1

    0b56f2596dc7a7a98d0658fa713c390fc13e3b58

  • SHA256

    3220d05370089858afc641382a81dd7e36ee4ad2061addfaf9d70b966e20b718

  • SHA512

    65b54ebaeeb4738043de99d0b0426a734f1b5aef4b1060824f9483c61a68d71f3d7386e2673c8b6578f1decbd0d18ca31df3026101304b200e91770a2b3794d1

  • SSDEEP

    12288:6mdn4uUeOJon2ftsknVYzi9FCqW+mizBu0LbDcrnsCQYF9eNQvnoj/TY9VNh6T+6:6gTOJCciUPFCqTmiVt/crnbF9eKnM0V/

Score
8/10

Targets

    • Target

      PqHR.exe

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext