General

  • Target

    39c629890b83c16730a8f14dcda8433af706d16321c2b690ee31ea3a51a81c30

  • Size

    6.9MB

  • Sample

    220625-ke6jdsdbbm

  • MD5

    9e2ebebe5395613570f74fbb81fee5ab

  • SHA1

    57d18968757efe10c0a87bba5cc55797653bb352

  • SHA256

    39c629890b83c16730a8f14dcda8433af706d16321c2b690ee31ea3a51a81c30

  • SHA512

    cb1101a1e978330666099b8b8ececd72fecd9163a15f544c509522bd36be11adf54a8514d37dc306d78a105d4e79b11132b8fc3c35d32187ab55f4ea18e1b580

Targets

    • RMS

      Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL
