General
Target: cbeb96fb1e02d1f50a6d5319ec6eb460N.exe
Size: 284KB
Sample: 240905-whn93axbne
MD5: cbeb96fb1e02d1f50a6d5319ec6eb460
SHA1: d8e56d7321936f1b8aae77bb66ef16751f421dd7
SHA256: 1aa212eb78cdffde7c302f586ce3d2849d79914f428f56988ee759c790604bb5
SHA512: be390a0e77480840d337b5417492eac468c43bb1c31a55e5051505c7c0315e8d1bbcd9b2163077d6a0b79393219b82159ed96cdae59354b48a5a0a9ba2c8ddbe
SSDEEP: 6144:PtqYGLbcMQgKO3HTOnNRS4O23Ra/MzxDnunDbu:Ptqx5KO3zONkpwRGMNDEO
Static task: static1
Behavioral task: behavioral1
Sample: cbeb96fb1e02d1f50a6d5319ec6eb460N.exe
Resource: win7-20240903-en
Malware Config
Targets
-
-
Target
cbeb96fb1e02d1f50a6d5319ec6eb460N.exe
-
Modifies WinLogon for persistence
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
Defense Evasion
  Hide Artifacts (2)
    Hidden Files and Directories (2)
  Modify Registry (2)