General

  • Target

    4f0ba9092f3cb4cdd6dce1063c63be405148f5b9713a00a450cee684258f71c6N

  • Size

    257KB

  • Sample

    241013-zbskpaxbpe

  • MD5

    cd61032ae7bcdd087a60824958f966a0

  • SHA1

    144aa2d9732ccd1c3a71833dbc30cd975e84c6d6

  • SHA256

    4f0ba9092f3cb4cdd6dce1063c63be405148f5b9713a00a450cee684258f71c6

  • SHA512

    211318757eff85e63cde3cde723b790abce8af1e8b8712acc5569281f925aeca04b3076ada55a0287b1655d68a5ef1c511978be824ba54a148c645d7500df38d

  • SSDEEP

    3072:Og9OBT3Be2Q6khQiCCuefXxzk6iGcbPChEdGZFR2obD4CTvek5WNQp0qYutgxbaA:UeC4EwZFoobUk8qp0qpgqOZ

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Stops running service(s)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
