
General

  • Target: c35a9838661e64cacf557b7553a6bf14.bin
  • Size: 3.0MB
  • Sample: 240904-cbhddsthpf
  • MD5: 18b180ac881079e50df7098dd6ed67d6
  • SHA1: a40739a2c7bb3364108ba074f443eabeb6965c7d
  • SHA256: ce0ed6a67a402c7b98cc425327744e4be1a47d827fc6e9035dd51f40596194e2
  • SHA512: ff6f97d783113c67565af5ca2548244eb22bfebc2f29c2d6d1588d3a0f88cbcd3021b67e62d9e0bfcebb6c3ae8f263ce06c6a69d4560450018036b15c139227b
  • SSDEEP: 49152:idvDx8y4rHUv/4GMlIRIwTpTK5TR5kV/q1ARG3vi8SZ7b8RsohOGE+dkvLK5QRGE:icywO/4GMlkhlOV9AA31SZ3YkTK2RGE

Score: 7/10

Malware Config

Targets

    • Target: File.exe
    • Size: 700.0MB
    • MD5: 2d711238d2380ec38a26df40bad4e20e
    • SHA1: b07236d16e3ba670e8e1eeaf99b3dcc83ef926b8
    • SHA256: b6663d2a2b61ed7f49cb4f6d83e5fb291ebe50ff9bc15a9cfaf114b7cf99350f
    • SHA512: 7445715118ffc24beed17a15e367658f11040804f9f9dc0e0351bb9192fa2be3860353d6c3f98deea36797ec5815d284e4cdbc06bedc51f9ae087203ff43f0e2
    • SSDEEP: 49152:Jpd9HxrLr9xHMtMFRgUkYxZKXkgW9pUgLMRXlhWZ+52GeqooQ7wtwrn:JpbU2XZgWukZ+VDooyswrn

    Score: 7/10

    Signatures:

    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence check.
    • Executes dropped EXE
    • Loads dropped DLL
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP address.
    • Enumerates processes with tasklist
    • Suspicious use of SetThreadContext
