General
-
Target
daa053b4eda32444723099d6f54ecb22ff53581753ecd4ccb455f68c74dc8aa4.zip
-
Size
21.7MB
-
Sample
240903-c8k6jswfnc
-
MD5
4f8f23b586bc0faa1da6887f5ec7d850
-
SHA1
faa6fcd91fa1397f499f43c87af689afc31bac99
-
SHA256
daa053b4eda32444723099d6f54ecb22ff53581753ecd4ccb455f68c74dc8aa4
-
SHA512
853d0d047bedb270d9fe627d69355db4b46e8316481b546d7042f50047b165b86a308242254d7b9c6498b1005ecfd41413b6b30a12f66aa9e181a6245bb6d129
-
SSDEEP
393216:/+jAzbaYE4kP/ltUo2mAZBHifYIFbaNVo8D5o6ekwAqfzO9Q7n2Nqn8B5FJUMSVe:/aAzmYEJumIBCfY0ba/xDukwHJ2EnO59
Static task
static1
Behavioral task
behavioral1
Sample
power systems ii.pdf.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
power systems ii.pdf.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
power systems ii.pdf.exe
-
Size
901.1MB
-
MD5
d3d8447da77feabf7a266b412da8cbde
-
SHA1
260a441639ead58821da8de6e501b2934deae78a
-
SHA256
105fd27d53a08971c376126b2a42f012210b99e9ffad0e6dedb2c04324684062
-
SHA512
f3944b3ecbd7f497c1ce062a5d6c17c41e45e32fcbb8ee768473e905c81d7920607025957122af38c912d9892393ab526ff0d4e5370a6dff030cb749d3ec48b5
-
SSDEEP
393216:tNV5braq2dLlOh0t1gtXDG3UT8DZdaP4kiMMlbZzU7uGFzwBXB:tNV5Paq2T12DG3IqZ6diMUbC7uIzYR
Score
7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-
Suspicious use of SetThreadContext
-