General
Target: cbe674691782d8aff7f77e094a8c5a39111d29dad9d3c7b310192cb9e77c22b4
Size: 284KB
Sample: 250109-j9ll2awrfr
MD5: c217a4047e390777921797279e1d54ab
SHA1: 15a8e2e8717de8c15c93e6128959ce8df2b21ba1
SHA256: cbe674691782d8aff7f77e094a8c5a39111d29dad9d3c7b310192cb9e77c22b4
SHA512: aeed089b971f3fd70f00e2ba22ecf7acae7de4f057eefa1a19954ff09e49efb1908890e5270a5a6b12a2edadec93b24e97a95e63b2181644bf814d92194df88a
SSDEEP: 3072:rSQ0EWVwZhKxC5Rt+k60Zh+qw6PYSsszfHZTZJ2lCh:rPA6wxmuJspr2lg
Static task: static1
Behavioral task: behavioral1
Sample: cbe674691782d8aff7f77e094a8c5a39111d29dad9d3c7b310192cb9e77c22b4.exe
Resource: win7-20240903-en
Malware Config
Targets
Target: cbe674691782d8aff7f77e094a8c5a39111d29dad9d3c7b310192cb9e77c22b4
- Andromeda family
- Detects Andromeda payload.
- Adds policy Run key to start application
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext