General

  • Target: 94c85f4f20b93646b67768ac6ec85ed729e9de0e334a69dec4f821b95b8a1f41

  • Size: 4.9MB

  • Sample: 220524-s8ypmscbel

  • MD5: b741d9eaaa2f68f9370b52ac5e598554

  • SHA1: e90bebf43fbedac0aa78fa92ca927b5a81d10983

  • SHA256: 94c85f4f20b93646b67768ac6ec85ed729e9de0e334a69dec4f821b95b8a1f41

  • SHA512: 8bf8cef7e79f3b75a25031fe720a5d14f1d16cfbbf049aa16700172970a2312bfac378aa2a5f6fb376c1dfa946fff7fa3698c4a8d7f1a4fd761d0d815280004c

Malware Config

Targets

    • Target: 94c85f4f20b93646b67768ac6ec85ed729e9de0e334a69dec4f821b95b8a1f41

    • Size: 4.9MB

    • MD5: b741d9eaaa2f68f9370b52ac5e598554

    • SHA1: e90bebf43fbedac0aa78fa92ca927b5a81d10983

    • SHA256: 94c85f4f20b93646b67768ac6ec85ed729e9de0e334a69dec4f821b95b8a1f41

    • SHA512: 8bf8cef7e79f3b75a25031fe720a5d14f1d16cfbbf049aa16700172970a2312bfac378aa2a5f6fb376c1dfa946fff7fa3698c4a8d7f1a4fd761d0d815280004c

    • Modifies WinLogon for persistence

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop the file from showing in Explorer and similar tools.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks