General

  • Target

    5a58751cba015e98e899c398e9f6d8d5430eb2f3834e893d41417d60abeb3646N

  • Size

    1.9MB

  • Sample

    240921-cg84aszfpp

  • MD5

    81d0918a2296405ef0713a2b30a01040

  • SHA1

    6a260313494f36654e4588a8940fa1f114795d74

  • SHA256

    5a58751cba015e98e899c398e9f6d8d5430eb2f3834e893d41417d60abeb3646

  • SHA512

    ab802cc094af1c429bcefb04e2aaee187b8b1e1233c22fc1b3aba469f37606d73707ede9dec1af3c47f032da26337644757c982ae721d52d4867da554d8691ad

  • SSDEEP

    49152:4LIUXQgBiI6i2KFU0yBfM7a9QDosGeo403e0CpcKYGIDlWIwRBOn5PvGYKMf/1Zl:0IUXQgBiI6i2KFU0yBfM7a9QDosGeo4w

Targets

    • Modifies firewall policy service

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
