General
- Target: run.ps1
- Size: 43B
- Sample: 250107-fwrz4swjgx
- MD5: cefc1c3285ecac3a02ccbc8e0cebb558
- SHA1: 7c2b049342ccd09474fcf8306c28c7d162c6d9b1
- SHA256: 95cd2e94c29d862fd16c2cc19b0916784cf9ab2b93c7b9d816d34fe22ee239f7
- SHA512: b4a4dd60d8518e7629c6e5674d4cf185f7ce250f73dcfe110433d19933f2572bb814e54f234709a8d045f7c37a75298a36d537406c4002e4c0bb626c90eb22fc
Static task: static1
Behavioral task: behavioral1
- Sample: run.ps1
- Resource: win7-20240903-en
Malware Config
Extracted URLs:
- https://simplerwebs.space/anrek.mp4
- https://klipdiheqoe.shop/ruwkl.png
Extracted (lumma):
- https://grooveoiy.cyou/api
Targets
- Target: run.ps1 (43B; MD5, SHA1, SHA256 and SHA512 as listed under General)

Signatures:
- Lumma family
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Suspicious use of SetThreadContext