General

  • Target

    5919da35e7eb282a2e349c1846674797.bin

  • Size

    672KB

  • Sample

    240913-bltczawfqc

  • MD5

    62b42fa270ef875e01c059405f2de4e6

  • SHA1

    c7ddd8539ca7224a6ac8a9fca9953e90d4ae5806

  • SHA256

    f15cbe7b2db3d2653e9d1cbbfe269869eb38551529d1a9b481d429b6fc2a1735

  • SHA512

    f5598e1478f426d4d8be9afbcbf499cbf2b58b78b1240b59dba8debe53b23abf8d7e142f7b75ff352e487ec94ee9b6cbc6126591b8ad1f790a89fe8f01258558

  • SSDEEP

    12288:er+mACLUNEwJ70iYedXOZ6DZjdlIoOL5wT8yq0SZuCqRcz7rVb+d4dhBvP+czb8O:er+mAvvJ70iz+yxdlInL54hq0uYcX5KO

Score
8/10

Malware Config

Targets

    • Target

      PO Number - 9201000 - SOA - AUGUST END.exe

    • Size

      716KB

    • MD5

      8b2508fe6cfe3c2800515c3237a2be66

    • SHA1

      f6be344c56122715fe7c32161066afb3c56293cf

    • SHA256

      23d779bb0d3593cc8a56df736aeaad61ca79a1a9d692d6f78573837a520176e2

    • SHA512

      f7f4fe8f26fc148b8425807c6ac348b00f52da1b1c8866216f1fc5fbf17c75e153e44cd616c8dfe5ee5deb536d8b1e1f201f36e201962ee786d58e4f6c4c3ec7

    • SSDEEP

      12288:dK7kvDoQ/3U6pdyAwkxN8A4dr0WLKemdOTCX1oCrZWIi5s81cZnFaRExezBpr/:dKoT3FpYAtn81rHK3CCEIi+NZoEQr/

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext
