Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

power syst...df.exe

windows7-x64

7

power syst...df.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    daa053b4eda32444723099d6f54ecb22ff53581753ecd4ccb455f68c74dc8aa4.zip

  • Size

    21.7MB

  • Sample

    240903-c8k6jswfnc

  • MD5

    4f8f23b586bc0faa1da6887f5ec7d850

  • SHA1

    faa6fcd91fa1397f499f43c87af689afc31bac99

  • SHA256

    daa053b4eda32444723099d6f54ecb22ff53581753ecd4ccb455f68c74dc8aa4

  • SHA512

    853d0d047bedb270d9fe627d69355db4b46e8316481b546d7042f50047b165b86a308242254d7b9c6498b1005ecfd41413b6b30a12f66aa9e181a6245bb6d129

  • SSDEEP

    393216:/+jAzbaYE4kP/ltUo2mAZBHifYIFbaNVo8D5o6ekwAqfzO9Q7n2Nqn8B5FJUMSVe:/aAzmYEJumIBCfY0ba/xDukwHJ2EnO59

Score
7/10
discovery

Malware Config

Targets

    • Target

      power systems ii.pdf.exe

    • Size

      901.1MB

    • MD5

      d3d8447da77feabf7a266b412da8cbde

    • SHA1

      260a441639ead58821da8de6e501b2934deae78a

    • SHA256

      105fd27d53a08971c376126b2a42f012210b99e9ffad0e6dedb2c04324684062

    • SHA512

      f3944b3ecbd7f497c1ce062a5d6c17c41e45e32fcbb8ee768473e905c81d7920607025957122af38c912d9892393ab526ff0d4e5370a6dff030cb749d3ec48b5

    • SSDEEP

      393216:tNV5braq2dLlOh0t1gtXDG3UT8DZdaP4kiMMlbZzU7uGFzwBXB:tNV5Paq2T12DG3IqZ6diMUbC7uIzYR

    Score
    7/10
    discovery

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks