General

  • Target

    fe102286866ca9377249551ec2794b4564fb00f5cf21b4c9992040b3b13b2c77N

  • Size

    6.7MB

  • Sample

    240921-srmaaazcjr

  • MD5

    608fe9a6d6ef81a885f55a989f45b710

  • SHA1

    e9e60dd64b66f324ce953554179f3d3c5544f0ca

  • SHA256

    fe102286866ca9377249551ec2794b4564fb00f5cf21b4c9992040b3b13b2c77

  • SHA512

    670067a4211326eaa995d3f3817ec4dbf0075b042882d46de1aa9ec98794fa1acf722c2cf81111df1fb41afca292c70a6324be389f17f304bfe85a94a3177393

  • SSDEEP

    196608:HC7vgxkdo2BI5dUCz8PtxCvFSRPwdUCFqP6tc:H+vbdo+I4KsSCYtkiC

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell and hides the display window.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Indirect Command Execution

      Adversaries may abuse utilities that allow for command execution to bypass security restrictions that limit the use of command-line interpreters.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks