General

  • Target: 89dbb0e62b66305ca1fee67fa6832cf321ec12e636799c18e0d7e1aeddce8c35
  • Size: 151KB
  • Sample: 240902-zv3vrsyaqa
  • MD5: 57ae9a272db8afd8070654e33aad712e
  • SHA1: 7d843ebfbc5f3c39fae771282397fb32167ec1c1
  • SHA256: 89dbb0e62b66305ca1fee67fa6832cf321ec12e636799c18e0d7e1aeddce8c35
  • SHA512: 17446c77f0fc0058a7b947c4460c362bccccc9262a9543a9680bc6c8ff83219319656853665e33a7b295e91908b31159bc7b9351271896791f0cc2d18815c6dd
  • SSDEEP: 3072:hcKoSsxzNDZLDZjlbR868O8KlVH3dehvMqAPjxO5xyZUE5V5xtezEVg8/dg1Gx0n:hcKoSsxzNDZLDZjlbR868O8KlVH3dehD

Malware Config

Extracted

  • Language: ps1
  • Deobfuscated
  • URLs

Targets

    • Score: 10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v15

Tasks