General

  • Target

    Downloader.hta

  • Size

    895B

  • Sample

    250327-r6dq1sttgz

  • MD5

    e8a17a8d10a7eb69749cb844c4665437

  • SHA1

    c9e8cd7836a8c510effef73909f9d9a53a8cc45b

  • SHA256

    3a5485ddacf5d788e1b8f4bbd74184b29ccda60dfdf76965ddcc7e42a8bd6c65

  • SHA512

    7de295476887ca487060aae04eaa1ce9eddf06af07df69465cb05c60f816df7d711035386000d8398877a68e1a9f86ceb3e9ac50c764421a5ce538748c6b61c0

Score
8/10

Targets

    • Target

      Downloader.hta

    • Download via BitsAdmin

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
