General
Target: 870be08f4682007c1ae7a069a63b8e737dc388b6551ebfb0a96a310d9c996371.zip
Size: 1.7MB
Sample: 240911-n2hydsydqj
MD5: 19ba7a6c9917ad616873b47453fdf4c2
SHA1: 1abb611a81535a0d27958c8ee2c3f2744f0ffdb4
SHA256: 2de688735caaaff53236896a834ff7ae39b0e22da08bf459d0954b54d61ca692
SHA512: c70b8819eeaff625095980f693f451ede5a690562e8e2c8bf9610ff91d90047d2ea452b1ef0816de3607b529a14a48a0487bfe75961a0d228d0732c8f281ad4f
SSDEEP: 49152:iBDko5Z4g7oGNdwA10BJM4iDus3M3erA3Jsb:kDJ5noGNf8W4nsWZ3Kb
Static task: static1
Behavioral task: behavioral1
  Sample: 870be08f4682007c1ae7a069a63b8e737dc388b6551ebfb0a96a310d9c996371.vbs
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 870be08f4682007c1ae7a069a63b8e737dc388b6551ebfb0a96a310d9c996371.vbs
  Resource: win10v2004-20240802-en
Malware Config
Targets
Target: 870be08f4682007c1ae7a069a63b8e737dc388b6551ebfb0a96a310d9c996371.vbs
Size: 2.4MB
MD5: bd7a77c470549aad52435b8b7b785c36
SHA1: b18ff781161ff4c4bb3e91825053bed3d280ed20
SHA256: 870be08f4682007c1ae7a069a63b8e737dc388b6551ebfb0a96a310d9c996371
SHA512: 7217805ec612b984672c4cd498b0cc3d8e9cc463fab70bef0fdd96276f1fe93425e03777999c266a876161444699bb09738d2b19154b378316af6118cc48445a
SSDEEP: 49152:xBy7kDIlpNx0KQTuJlDl7QVqXhmfOUJ3bapil:a1o
Score: 10/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext