General

  • Target

    Setup_AccountManager.exe

  • Size

    356.5MB

  • Sample

    240906-q3ba2szfmb

  • MD5

    ee89d9c23cbd9e3d95186b63036590ba

  • SHA1

    0c6e60760615292071992df7e1798857ea543de3

  • SHA256

    1c0cfd2df682cd04b36c2f800d26885cddb2584e2f9ccfa524b5361d7da5e1f0

  • SHA512

    2c7fee89a07e45610d4130741325890adb21d55d521670af88e4adb7cfd3ca0b4fa4de5ae61de348b3538815146c673abecaf88e8d20f0128fbd5df672280823

  • SSDEEP

    6291456:kNMAmoa+1xzdLEv/440fyFnyEZ6tZF/sGuNJzO1eNaLtA22s1V1WbauWsrxc1:sNmopxzdLEYrKn+PF/AJzO1JLUgV1gWX

Score
7/10

Targets

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Password Policy Discovery

      Attempt to access detailed information about the password policy used within an enterprise network.
