General

  • Target

    4c516d6227d8a5ea4c3a80b546b5f29bd1e8aacb2c4256fb386057587c2943d0

  • Size

    634KB

  • Sample

    220919-ewybfsbghn

  • MD5

    017b8a7a22581976656ad53727af5fb9

  • SHA1

    8f67369cf81554209a26ac4f8b691e9571526f30

  • SHA256

    4c516d6227d8a5ea4c3a80b546b5f29bd1e8aacb2c4256fb386057587c2943d0

  • SHA512

    73c5f0695ebce04c79587a4304682f4f1c4190d7d295b5a9e01669a3430a5c673eba572b1fd339711038f663a52ddd2f706c27a8d543b0a0ce1e6e7140fb923b

  • SSDEEP

    12288:KDMZ2UOv2HCCVIiGQbmg9x/BUJTWM1SH91n6f2:zZm+LGQbmg9x/BUJTWM1c6e

Malware Config

Targets

    • Target

      4c516d6227d8a5ea4c3a80b546b5f29bd1e8aacb2c4256fb386057587c2943d0

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular countries.

    • Loads dropped DLL

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Drops file in System32 directory
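The packer and hash lines above can be checked offline without the sandbox. The following Python is an added example, not tria.ge's signature code and not code from the sample: it reproduces the MD5/SHA1/SHA256/SHA512 digests the report lists, walks the PE section table for the stock UPX0/UPX1 names, looks for the UPX! pack-header marker near the top of the file (the 0x400-byte window is an assumption), and measures section entropy, which still fires when a modified UPX has renamed its sections. build_test_pe() constructs a minimal, non-loadable PE for the demonstration; it stands in for the sample, whose bytes are not on this page.

```python
# Static triage helper, added as an example; it is not tria.ge's own
# detection code. Standard library only, so it runs offline. The PE bytes
# built by build_test_pe() are constructed for illustration, not the sample.
import hashlib
import math
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX3"}


def hash_file_bytes(data: bytes) -> dict:
    """Digests in the order the report lists them (MD5/SHA1/SHA256/SHA512)."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def pe_sections(data: bytes) -> list:
    """Walk the PE section table; returns [(name, SizeOfRawData, PointerToRawData)].

    e_lfanew at 0x3C points at 'PE\\0\\0'. The 20-byte COFF header that follows
    holds NumberOfSections at +6 and SizeOfOptionalHeader at +20 (offsets from
    the signature); 40-byte section headers start right after the optional header.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        sections.append((name, raw_size, raw_ptr))
    return sections


def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte; compressed/packed data sits near 8.0."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_indicators(data: bytes) -> dict:
    """Cheap UPX tells: stock section names, the 'UPX!' pack-header marker in
    the header slack (0x400-byte window is an assumption), and a section whose
    entropy is close to 8.0 because it holds the compressed image. A modified
    UPX may rename sections or scrub the marker, so entropy is kept as well."""
    secs = pe_sections(data)
    names = {name for name, _, _ in secs}
    high = [name.decode(errors="replace") for name, size, ptr in secs
            if size and entropy(data[ptr:ptr + size]) > 7.0]
    upx_names = sorted(n.decode() for n in names & UPX_SECTION_NAMES)
    marker = b"UPX!" in data[:0x400]
    return {
        "upx_section_names": upx_names,
        "upx_marker": marker,
        "high_entropy_sections": high,
        "likely_upx": bool(upx_names) or marker,
    }


def build_test_pe(sections, marker: bytes = b"") -> bytes:
    """Constructed minimal PE (not loadable): DOS header, COFF header with an
    empty optional header, one section header per (name, raw_bytes) pair, an
    optional marker in the header slack, raw section data from offset 0x200."""
    e_lfanew = 0x40
    img = bytearray(b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew))
    img += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    raw_ptr = 0x200
    for name, raw in sections:
        img += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", len(raw), 0, len(raw), raw_ptr, 0, 0, 0, 0, 0x60000020)
        raw_ptr += len(raw)
    img += marker
    img += b"\0" * (0x200 - len(img))
    for _, raw in sections:
        img += raw
    return bytes(img)


if __name__ == "__main__":
    # Constructed stand-in: UPX0 is virtual-only, UPX1 holds uniform (max-entropy) data.
    packed = build_test_pe([(b"UPX0", b""), (b"UPX1", bytes(range(256)) * 4),
                            (b".rsrc", b"\0" * 64)], marker=b"UPX!")
    print(hash_file_bytes(packed)["sha256"])
    print(upx_indicators(packed))
```

Run it against the real sample with `upx_indicators(open(path, "rb").read())`; the digests from hash_file_bytes() should then match the General section above. Treat a hit on section names or the marker as near-certain UPX, and a lone high-entropy section as "packed with something", since any compressor or crypter produces the same entropy profile.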
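For the MBR write, the check a responder wants is whether the first sector of the disk still matches a trusted baseline. The Python below is an added example, not tria.ge's detection logic: it parses the 512-byte MBR layout (440 bytes of boot code, the 4-byte disk signature, four 16-byte partition entries, the 0x55AA boot signature), diffs a live copy against a baseline and flags the classic bootkit pattern of replaced boot code with an untouched partition table, which is what keeps the victim bootable after the implant. CLEAN_BOOT_CODE and TAMPERED_BOOT_CODE are constructed stand-ins, not bytes from this sample; read_mbr() shows where a real capture comes from.

```python
# MBR integrity check, added as an example; it is not tria.ge's own logic.
# Standard library only. The baseline and tampered MBRs are constructed below;
# read_mbr() shows the real source (raw disk access needs admin/root).
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440           # x86 boot code
DISK_SIG_OFF = 440            # 4-byte Windows disk signature, then 2 reserved bytes
PARTITION_TABLE_OFF = 446     # four 16-byte entries
BOOT_SIG_OFF = 510            # 0x55 0xAA


def read_mbr(device_path: str) -> bytes:
    r"""First sector of a raw device, e.g. r'\\.\PhysicalDrive0' on Windows or
    '/dev/sda' on Linux, or a 512-byte dump taken with dd before infection."""
    with open(device_path, "rb") as f:
        return f.read(MBR_SIZE)


def parse_mbr(mbr: bytes) -> dict:
    """Decode signature, disk signature and the four partition entries
    (status byte, type byte at +4, LBA start at +8, sector count at +12)."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        e = mbr[PARTITION_TABLE_OFF + 16 * i:PARTITION_TABLE_OFF + 16 * (i + 1)]
        lba_start, sectors = struct.unpack_from("<II", e, 8)
        parts.append({"bootable": e[0] == 0x80, "type": e[4],
                      "lba_start": lba_start, "sectors": sectors})
    return {
        "valid_signature": mbr[BOOT_SIG_OFF:] == b"\x55\xAA",
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": parts,
    }


def diff_mbr(baseline: bytes, current: bytes) -> dict:
    """Compare a live MBR with a trusted baseline. A bootkit typically rewrites
    the boot code while leaving the partition table and disk signature intact,
    so the original OS still boots after the implant has run."""
    cur = parse_mbr(current)
    parse_mbr(baseline)  # length check on the baseline too
    changed = [i for i in range(BOOT_CODE_LEN) if baseline[i] != current[i]]
    table_changed = (baseline[PARTITION_TABLE_OFF:BOOT_SIG_OFF]
                     != current[PARTITION_TABLE_OFF:BOOT_SIG_OFF])
    sig_changed = (baseline[DISK_SIG_OFF:DISK_SIG_OFF + 4]
                   != current[DISK_SIG_OFF:DISK_SIG_OFF + 4])
    boot_code_changed = bool(changed)
    return {
        "tampered": boot_code_changed or table_changed or sig_changed
                    or not cur["valid_signature"],
        "boot_code_changed": boot_code_changed,
        "changed_bytes": len(changed),
        "first_changed_offset": changed[0] if changed else None,
        "partition_table_changed": table_changed,
        "disk_signature_changed": sig_changed,
        "boot_signature_valid": cur["valid_signature"],
        "bootkit_pattern": boot_code_changed and not table_changed
                           and cur["valid_signature"],
    }


def build_test_mbr(boot_code: bytes, disk_signature: int = 0x1234ABCD) -> bytes:
    """Constructed MBR: given boot code, one bootable NTFS (type 0x07)
    partition starting at LBA 2048, three empty entries, valid 0x55AA."""
    mbr = boot_code.ljust(BOOT_CODE_LEN, b"\0")[:BOOT_CODE_LEN]
    mbr += struct.pack("<IH", disk_signature, 0)
    mbr += bytes([0x80, 0x20, 0x21, 0x00, 0x07, 0xFE, 0xFF, 0xFF]) + struct.pack("<II", 2048, 204800)
    mbr += b"\0" * 48 + b"\x55\xAA"
    return mbr


# Constructed stand-ins: a stock-looking stub (xor ax,ax / mov ss,ax / mov sp,7C00h ...)
# and a tampered copy whose first instruction is a short jump (EB 20) over the
# original bytes into placeholder code at offset 0x22; the partition table is untouched.
CLEAN_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C\x8E\xC0\x8E\xD8\xBE\x00\x7C"
TAMPERED_BOOT_CODE = b"\xEB\x20" + CLEAN_BOOT_CODE[2:] + b"\0" * 20 + b"\xB8\x00\x00\xCD\x13"

if __name__ == "__main__":
    base = build_test_mbr(CLEAN_BOOT_CODE)
    print(parse_mbr(base))
    print(diff_mbr(base, build_test_mbr(TAMPERED_BOOT_CODE)))
```

In practice the baseline is a sector dump taken from a known-clean image of the same disk; comparing against a generic Windows MBR is unreliable because OEM tools and dual-boot managers legitimately carry their own boot code. A changed disk signature with an unchanged table usually means a re-imaged disk rather than malware, which is why the two are reported separately.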

MITRE ATT&CK Enterprise v6

Tasks