General
Target: c35a9838661e64cacf557b7553a6bf14.bin
Size: 3.0MB
Sample: 240904-cbhddsthpf
MD5: 18b180ac881079e50df7098dd6ed67d6
SHA1: a40739a2c7bb3364108ba074f443eabeb6965c7d
SHA256: ce0ed6a67a402c7b98cc425327744e4be1a47d827fc6e9035dd51f40596194e2
SHA512: ff6f97d783113c67565af5ca2548244eb22bfebc2f29c2d6d1588d3a0f88cbcd3021b67e62d9e0bfcebb6c3ae8f263ce06c6a69d4560450018036b15c139227b
SSDEEP: 49152:idvDx8y4rHUv/4GMlIRIwTpTK5TR5kV/q1ARG3vi8SZ7b8RsohOGE+dkvLK5QRGE:icywO/4GMlkhlOV9AA31SZ3YkTK2RGE
Static task: static1
Behavioral task: behavioral1
Sample: File.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: File.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: File.exe
Size: 700.0MB
MD5: 2d711238d2380ec38a26df40bad4e20e
SHA1: b07236d16e3ba670e8e1eeaf99b3dcc83ef926b8
SHA256: b6663d2a2b61ed7f49cb4f6d83e5fb291ebe50ff9bc15a9cfaf114b7cf99350f
SHA512: 7445715118ffc24beed17a15e367658f11040804f9f9dc0e0351bb9192fa2be3860353d6c3f98deea36797ec5815d284e4cdbc06bedc51f9ae087203ff43f0e2
SSDEEP: 49152:Jpd9HxrLr9xHMtMFRgUkYxZKXkgW9pUgLMRXlhWZ+52GeqooQ7wtwrn:JpbU2XZgWukZ+VDooyswrn
Score: 7/10
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Enumerates processes with tasklist
Suspicious use of SetThreadContext