General

  • Target

    custom.bat

  • Size

    4KB

  • Sample

    240908-hkm8wsthle

  • MD5

    1c63745d54962d205bb3ae879bea1ed4

  • SHA1

    a832c894a4e2b6d486c48b9ea6ec79d94df9537e

  • SHA256

    396ea933ebc00327d2ea983206ccd2a832999c28a7df070000fe9874890b5a0e

  • SHA512

    129d73d0fd5967b232c54d50bc94ed171dd2ee5da2222b18bd350b42808799575a3a726c7b0b46b65d2717d025b9ebeb424a834f42540daf8308be3171a4af39

  • SSDEEP

    96:NQN1Vh0eAwx86mwCVHVsOvx8vXSu7eQ/GdZj/BawH6im7BFVPhGHixL:NOueA8CVHiOvx8vC0emG7LBawH6/Yix

Targets

    • Target

      custom.bat

    • Possible privilege escalation attempt

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Modifies file permissions

    • Adds Run key to start application

    • Enumerates processes with tasklist
