General

  • Target

    Buff Achievement Tracker - Installer.exe

  • Size

    2.1MB

  • Sample

    241009-2t5n3szhkd

  • MD5

    4aef76b2b5be3aa5e66720f362a91055

  • SHA1

    9b0f51fa0b4c85849dc4c6f382b57da3dc854b11

  • SHA256

    be40862059a0af3e38dadff81101857894611a6fa8b7fc0f69aef382a311a6d7

  • SHA512

    023695d2de20dacb610f3e92dbb587aa7ebd9b9512696f6047632197b7ace9f52c6cea9daa804650cc7b48513a0358451c8b47da4822bb53abac89c0153b63e0

  • SSDEEP

    49152:cyb8YxE87vxpsrFpIvjRy1up/g1+sCYHzNsxicUm:c68aPN+TIvj81upG+8HF

Malware Config

Targets

    • Target

      Buff Achievement Tracker - Installer.exe

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

MITRE ATT&CK Enterprise v15

Tasks