General
Target: appFiile_x64x86.zip
Size: 7.5MB
Sample: 241003-srrj1awakg
MD5: e08cf6d5eee2225e42c23d0fc43f099c
SHA1: fa0ea9929d3b27871a437fbfa1a534094bd09839
SHA256: 58b0985b45d713c9a03c2ef9595270129a529d7568918bd86a7f05942941b317
SHA512: 42ff2e3642a5336414a1d36fb971c25eae786c44b347b823d272b73b6ec76c0492eac4c3c2b8d7d3dcc45db4cd03a3f9560ae7319ae2f2bade526fac30519ec6
SSDEEP: 196608:EVulvUX6PQFrV6xdKwGaq5xKYpBEajLTlPCrpCUUtwT+B7tk0eBU/DX:EzPvKdWLFEajLRagUUtM+VO09rX
Static task: static1
Behavioral task: behavioral1
  Sample: AppFile.exe
  Resource: win10-20240404-es
Behavioral task: behavioral2
  Sample: AppFile.exe
  Resource: win7-20240903-es
Behavioral task: behavioral3
  Sample: AppFile.exe
  Resource: win10v2004-20240802-es
Behavioral task: behavioral4
  Sample: sqlite.dll
  Resource: win10-20240404-es
Behavioral task: behavioral5
  Sample: sqlite.dll
  Resource: win7-20240708-es
Malware Config
Targets
Target: AppFile.exe
Size: 179KB
MD5: 7307f847abfcd35990a654365798aa0d
SHA1: db4657fbc9f8a455b1d2859d79a76e55802c490e
SHA256: 2459237113947163c34ed3d3abc3dcf5599e68d193ee55e2c3590a30a1b7c8fd
SHA512: c773c8a646d0fa2a0fbe7ed0227fbde4fc8049ebb81d5525f477774117242181b5c7a3de52b9091cd44c7b4f335151488e4287535524e8ef639c2fe6e084d3c0
SSDEEP: 3072:HRbKsrzJCso3JOGyQdrQO7TxoX6DCcbo/XopLxXHPQ/UEYJ:xzro3J3dXGKOXopLNvQ/UEYJ
Modifies firewall policy service
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Drops file in System32 directory
Target: sqlite.dll
Size: 5.3MB
MD5: b073f1111619c4a7539a0110d2387ff1
SHA1: 50058b937602e4b14c7e36e7e36c498cd45b10f7
SHA256: b105a20ec8cf2aa1868689019cbf76bab597c1ed88082b8481c08090526be633
SHA512: 23917a90b58faef995f2f5f73e140b8a540fb58f49c88a42d95b94f603b61e7921c8bb6df6170fadb81d33963632b04644f5d48c941fd69914a54db3e3811d83
SSDEEP: 98304:Q12tW5t8QTrNQrDxJSB695pyYbdwYdP+e7WaTnGSAp9sPrP/nHXOk2:e2Ij8QTrNQrDOEDp+Yd7yaTRPj2X
Modifies firewall policy service
Blocklisted process makes network request
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Drops file in System32 directory