Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    7821d35c1866a3ecd43b15d6a171fd9f11d70907105cc27f6b7f0760ca86bccd.exe

  • Size

    738KB

  • Sample

    241018-cff15azeqf

  • MD5

    884358a9e9da158f576b7b7e42521d70

  • SHA1

    a9d488b27fc2d65df89c1049c9cdf380e37e435f

  • SHA256

    7821d35c1866a3ecd43b15d6a171fd9f11d70907105cc27f6b7f0760ca86bccd

  • SHA512

    630c905e255424dc8e54a8b945aaa5673e6ff25fe4e2f9713b73a3f5a622ff8f5d33bfc06ccecd85e5017bac27e31007c878acba32af509000a6c51fdaea0216

  • SSDEEP

    12288:javPpBdFOdWbKSYQNGHkROyGOs61IYZVAecgs9FMa1Mdq8jJN:javzLDK+NjDGMIYO7MoON

Malware Config

Targets

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Blocklisted process makes network request

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Variabelforklaringen.Adi

    • Size

      51KB

    • MD5

      b38fc73651b54a201ea1815e9fbdb7e1

    • SHA1

      11dcb7973511a7f58eacd0c6b519d4c57b843ece

    • SHA256

      3cd2de55689d75d77cd308184060364fcf48b990e025e918233e528a3373a27b

    • SHA512

      0e6055ab2c490f2c67184e3dea070f6b0d9cd0e557e1c51d792da53c4674d844d8d5c9a5dd036261437db2bb7b8b8e0425168ac143da01b2b1ce116540989b1d

    • SSDEEP

      1536:wzAstLJaBT7rCnMxEVnq50oJbvVWezp1PQwQ66FkvKbzd:wcsOTgYEVqnYc/Pw7zd

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks