General

  • Target: a44c031c1d92b0fa360655b87d85934ccc817649aa01eb7fa69fe5d57ec98626
  • Size: 821KB
  • Sample: 241009-rn847s1dng
  • MD5: 3c3dccb49448c9a74c7c023a8dc343eb
  • SHA1: d0c2edae719375516fd81bf96b5cea3643fab82f
  • SHA256: a44c031c1d92b0fa360655b87d85934ccc817649aa01eb7fa69fe5d57ec98626
  • SHA512: 6fcade12e7b76667f8ce05c79f607e340f30ab19a04ba2cf19c34e0967fd56d62a7d107e66aecfb7cdbc9036607d0f3ee6f6cf065f0ef6f0d39c54b5d9353b2c
  • SSDEEP: 12288:4SwroX1NC8Eyu0R2idyRE6sgVH4wUdxaR7nopKOqJNrQqMuAX/dKi3yC:4N4XC8E8pdYLs64wYxS0oOqJNrhLi3l

Score: 7/10

Malware Config

Targets

    • Target: PO.exe
    • Size: 1.1MB
    • MD5: 58a16cefc34d499992c3ad9b4290bc7e
    • SHA1: afc3bf366c0508c51316e70a82998267c4bbcebe
    • SHA256: aa79f8112d7a9d741543bd4ee61ba8a95ead29f15092e03191c58e78a11a63da
    • SHA512: 4eaca4e0d3a1294748516ec9013948716f95cb40632848e9b3e97101c2fc8d596b1f1ebf04106efd5e09738eaa44e03dca6888d492b2a123da56af90257ed372
    • SSDEEP: 24576:WfmMv6Ckr7Mny5QLZ9sO4mAxMMWOwRNr5rOvb:W3v+7/5QLLbAxMhOwrrm

    Score: 7/10

    • Drops startup file
    • Executes dropped EXE
    • Loads dropped DLL
    • Accesses Microsoft Outlook profiles
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
    • AutoIT Executable
      AutoIT scripts compiled to PE executables.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks