Resubmissions

07/09/2024, 22:52  240907-2tknxasdmf  7
07/09/2024, 22:48  240907-2rdsksscld  5

General

  • Target

    launcher.exe

  • Size

    23.3MB

  • Sample

    240907-2tknxasdmf

  • MD5

    acbe026a6fdfa363b20e8aaaa7b34a18

  • SHA1

    9ef0bf98273997fc361e2b2f14add32376be39b9

  • SHA256

    88bbee7f714c1072b3698998180acf7831d79e1aab8edcc5b7e7f1195250a1d0

  • SHA512

    df0f2df566e8ab8ce20411a7c8f393089473cc0ebb1ea0c8874c17ff77f966455e73ac027e294978ba35121d42b46a3ba44ec3ec11c4512905969b39ccf2b304

  • SSDEEP

    393216:NcL2/d809AhDhvIzPtCEw1vibuRZ2dV4n2SCSJsq6f3k44MrEYDEyM8avc:NiB0iDWzPtw1KbaZ2dmnVC0p4dEYvM8

Targets

    • Target

      launcher.exe


    • Checks computer location settings

      Looks up the country code configured in the registry; this is commonly a geofence check that decides whether the payload runs at all on the current machine.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects (MITRE ATT&CK Enterprise v15, T1546.015).

    • Executes dropped EXE

      Runs an executable that the sample itself wrote to disk, so the 23.3MB launcher is at least a first stage that unpacks and starts further components.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk.

    • Modifies system executable filetype association

      Changes the registry handler for .exe files (the exefile class, whose stock open command is "%1" %*), which lets every later executable launch be routed through attacker-controlled code.

    • Adds Run key to start application

      Writes a value under a ...\CurrentVersion\Run key so the application is started again at each logon.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system; this is often used to spot analysis tools or security products.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the thread from delivering debug events; an attached debugger silently loses control of that thread, so the call is a common anti-analysis technique rather than something a benign launcher needs.
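The three registry persistence behaviours flagged above (Run key, exefile association, COM hijack) are the ones worth confirming on a host that ran this sample. The script below is an added example written for this page; it is not part of the tria.ge report and contains no indicators taken from the sample. It checks the standard registry locations for each behaviour, and the trusted-directory allow-list it uses for Run keys is an assumption to adjust for the host's software inventory.

```powershell
# Added example (not from the tria.ge report or the sample): checks a live
# Windows host for the three registry persistence behaviours described above.
# Run as Administrator in Windows PowerShell 5.1 or PowerShell 7.
# Registry locations are the standard ones; the trusted-prefix allow-list is
# an assumption, not a rule derived from this sample.

$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding {
    param([string]$Category, [string]$Key, [string]$Name, $Value)
    $findings.Add([pscustomobject]@{
        Category = $Category; Key = $Key; Name = $Name; Value = "$Value"
    })
}

# 1. Run/RunOnce keys ("Adds Run key to start application"). Every value is an
#    autostart; report those whose command lives outside the usual install dirs.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$trustedPrefix = '^"?(?:[A-Za-z]:\\Program Files(?: \(x86\))?|[A-Za-z]:\\Windows)\\'
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # provider metadata, not registry values
        if ("$($prop.Value)" -notmatch $trustedPrefix) {
            Add-Finding 'Run key outside trusted dirs' $key $prop.Name $prop.Value
        }
    }
}

# 2. exefile association ("Modifies system executable filetype association").
#    The stock handler is "%1" %*; anything else proxies every .exe launch
#    through another program. A per-user override under HKCU\Software\Classes
#    takes precedence over HKCR and should not exist on a clean host.
$exeCmdKeys = @{
    'HKCR\exefile\shell\open\command'                 = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
    'HKCU\Software\Classes\exefile\shell\open\command' = 'HKCU:\Software\Classes\exefile\shell\open\command'
}
foreach ($label in $exeCmdKeys.Keys) {
    $path = $exeCmdKeys[$label]
    if (-not (Test-Path -Path $path)) { continue }
    $cmd = (Get-ItemProperty -Path $path).'(default)'
    if ($label -like 'HKCU*' -or $cmd -ne '"%1" %*') {
        Add-Finding 'exefile handler changed' $label '(default)' $cmd
    }
}

# 3. COM hijacking (T1546.015). A CLSID server registered in the user hive is
#    resolved before the machine-wide one, so any HKCU InprocServer32/LocalServer32
#    deserves a look; one that shadows an existing HKLM CLSID is the classic hijack.
$userClsidRoot = 'HKCU:\Software\Classes\CLSID'
if (Test-Path -Path $userClsidRoot) {
    foreach ($clsid in Get-ChildItem -Path $userClsidRoot) {
        foreach ($server in 'InprocServer32', 'LocalServer32') {
            $userPath = "$userClsidRoot\$($clsid.PSChildName)\$server"
            if (-not (Test-Path -Path $userPath)) { continue }
            $target = (Get-ItemProperty -Path $userPath).'(default)'
            $machinePath = "HKLM:\Software\Classes\CLSID\$($clsid.PSChildName)\$server"
            $category = if (Test-Path -Path $machinePath) { 'COM hijack (HKCU shadows HKLM)' } else { 'COM server registered in HKCU only' }
            Add-Finding $category $userPath '(default)' $target
        }
    }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings | Format-Table -AutoSize -Wrap }
```

Run it under the user account that executed the sample as well as elevated, because the HKCU checks only see the hive of the current user. A hit in the exefile or COM checks is a strong signal on its own; a Run key outside the trusted directories needs the target binary hashed and compared (for example with Get-FileHash -Algorithm SHA256) against the values listed under General above before calling it malicious.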
