General
- Target: 12c4d83b12af229b3c79d71f9f519a75417e91acf10e48292c5c6e75ae3a8460
- Size: 10.0MB
- Sample: 241010-m8qq5szekk
- MD5: 533bfb0b0899b58c68010571c3805ad9
- SHA1: c2870181144ea91b8d1df1c4d4e0ad02b23ce181
- SHA256: 12c4d83b12af229b3c79d71f9f519a75417e91acf10e48292c5c6e75ae3a8460
- SHA512: d8eec2b6ab81dbf7fdf23818bc45833ebffa9135b8d0fa32f34d876f9c439e33690a1d4cccfaba80dddb15e47e944dd1daee8bddf6230a7c3a664ceb5530ce44
- SSDEEP: 196608:cGlS0NTxePePDdh0iCULKkOa8z1s6NXuAktmBlU4I4:nlRrDjtLKkOa8ps6puAktIz
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: 12c4d83b12af229b3c79d71f9f519a75417e91acf10e48292c5c6e75ae3a8460.exe
  - Resource: win7-20241010-en
- Behavioral task: behavioral2
  - Sample: 12c4d83b12af229b3c79d71f9f519a75417e91acf10e48292c5c6e75ae3a8460.exe
  - Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: 12c4d83b12af229b3c79d71f9f519a75417e91acf10e48292c5c6e75ae3a8460 (10.0MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Score: 8/10
Signatures
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Legitimate hosting services abused for malware hosting/C2
- Checks system information in the registry: system information is often read in order to detect sandbox environments.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
- Privilege Escalation
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
- Defense Evasion
  - Modify Registry (3)
  - Subvert Trust Controls (1)
    - Install Root Certificate (1)
- Credential Access
  - Credentials from Password Stores (1)
    - Credentials from Web Browsers (1)
  - Unsecured Credentials (1)
    - Credentials In Files (1)