General

Target: 8d7f44884ac78b65e8929b71d7b7b0003fa3dd248bd03877b64432c7023b2d76N.exe
Size: 300KB
Sample: 241204-ba65payncj
MD5: fcd439495e41589b112ec0fdc23dd260
SHA1: 5c870d4cc86f6a773769ec4fa663bfe599df8665
SHA256: 8d7f44884ac78b65e8929b71d7b7b0003fa3dd248bd03877b64432c7023b2d76
SHA512: f1548bb5b549d9b49fae7d56be77466e5a135cdb083ec26af7ed1de0a02b8de8c21c8a3b934994bc06af76b2b59ea10faf5d8b0ea36303d4c3a7bffaf402cf0c
SSDEEP: 3072:Ue2A0wxDqUpM5scww4chO+O1BmP5DG0sg3i4XZ9WvDZHwdRX/L+gP38GG:UsxD5cwohO+O1sVG0/pZ6iPC8I
Static task: static1

Behavioral task: behavioral1
Sample: 8d7f44884ac78b65e8929b71d7b7b0003fa3dd248bd03877b64432c7023b2d76N.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 8d7f44884ac78b65e8929b71d7b7b0003fa3dd248bd03877b64432c7023b2d76N.exe
Resource: win10v2004-20241007-en
Malware Config

Targets

Target: 8d7f44884ac78b65e8929b71d7b7b0003fa3dd248bd03877b64432c7023b2d76N.exe
Size: 300KB
SHA256: 8d7f44884ac78b65e8929b71d7b7b0003fa3dd248bd03877b64432c7023b2d76
(MD5, SHA1, SHA512 and SSDEEP as listed under General)
Score: 10/10

Signatures

- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
- ModiLoader family
- ModiLoader Second Stage
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
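The signature names above are labels the sandbox attaches to behaviour it observed; the report does not show the underlying events. As an added example (not tria.ge's detection logic and not code from the sample), the script below maps a small, constructed sandbox-style event trace back onto those five behavioural signatures: a registry read of the locale key, a Run-key write, execution of and DLL loads from files the sample itself wrote, and SetThreadContext aimed at another process. The event schema, the dropped file names under C:\Users\Public\Libraries, the process IDs, and the assumption that "Checks computer location settings" corresponds to a read of the Geo\Nation registry value are all assumptions made for the example, not facts from the report.

```python
"""Map a sandbox-style event trace onto the behavioural signatures in the report.

Added example: not tria.ge's engine, not the sample's code. All events below
are constructed for illustration; only the sample file name comes from the report.
"""
import re
from collections import defaultdict

# Assumption: the "Checks computer location settings" signature fires on a read
# of the Geo\Nation value; the report does not name the registry path.
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
# Run and RunOnce keys under HKCU or HKLM (the report says "Adds Run key").
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)

SAMPLE = r"C:\Users\user\Desktop\8d7f44884ac78b65e8929b71d7b7b0003fa3dd248bd03877b64432c7023b2d76N.exe"
STAGE2 = r"C:\Users\Public\Libraries\stage2.exe"   # constructed dropped-file name
HELPER = r"C:\Users\Public\Libraries\helper.dll"   # constructed dropped-file name

# Constructed trace (not from the sandbox run). Each dict is one observed action.
EVENTS = [
    {"event": "proc_create", "pid": 1234, "image": SAMPLE, "parent": r"C:\Windows\explorer.exe"},
    {"event": "reg_query", "pid": 1234, "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"event": "file_write", "pid": 1234, "path": STAGE2},
    {"event": "file_write", "pid": 1234, "path": HELPER},
    {"event": "reg_set", "pid": 1234,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\stage2", "data": STAGE2},
    {"event": "proc_create", "pid": 5678, "image": STAGE2, "parent": SAMPLE},
    {"event": "image_load", "pid": 5678, "image": HELPER},
    # Classic hollowing shape: spawn a host suspended, then rewrite its thread context.
    {"event": "proc_create", "pid": 9012, "image": r"C:\Windows\SysWOW64\svchost.exe",
     "parent": STAGE2, "flags": "CREATE_SUSPENDED"},
    {"event": "api_call", "pid": 5678, "api": "SetThreadContext", "target_pid": 9012},
]


def analyse(events):
    """Return {signature name: [evidence strings]} for the behaviours seen in the trace."""
    dropped = set()          # paths written by any process in the trace, lower-cased
    hits = defaultdict(list)
    for e in events:
        kind = e["event"]
        if kind == "reg_query" and GEO_KEY.search(e["key"]):
            hits["Checks computer location settings"].append(e["key"])
        elif kind == "file_write":
            dropped.add(e["path"].lower())
        elif kind == "reg_set" and RUN_KEY.search(e["key"]):
            hits["Adds Run key to start application"].append(f'{e["key"]} = {e["data"]}')
        elif kind == "proc_create" and e["image"].lower() in dropped:
            # Only files written earlier in this trace count as "dropped".
            hits["Executes dropped EXE"].append(e["image"])
        elif kind == "image_load" and e["image"].lower() in dropped:
            hits["Loads dropped DLL"].append(e["image"])
        elif kind == "api_call" and e["api"] == "SetThreadContext" and e.get("target_pid") != e["pid"]:
            # SetThreadContext on a thread of another process is the suspicious case.
            hits["Suspicious use of SetThreadContext"].append(f'pid {e["pid"]} -> pid {e["target_pid"]}')
    return dict(hits)


def run_key_points_to_dropped_file(events):
    """True when a Run-key value references a file the trace shows being written."""
    dropped = {e["path"].lower() for e in events if e["event"] == "file_write"}
    return any(e["event"] == "reg_set" and RUN_KEY.search(e["key"])
               and e["data"].lower() in dropped for e in events)


if __name__ == "__main__":
    for name, evidence in analyse(EVENTS).items():
        print(name)
        for line in evidence:
            print("   ", line)
    print("Run key persists a dropped file:", run_key_points_to_dropped_file(EVENTS))
```

The ordering matters: a process creation or image load is only attributed to "dropped" if the path was written earlier in the same trace, which is the distinction between running a file the sample brought with it and running something already on the host.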